update

multisystem init
2025-04-08 15:07:24 +02:00 · 2024-12-25 16:28:38 +01:00 · 2024-12-05 20:09:11 +01:00
4 changed files with 110 additions and 112 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -30,7 +30,7 @@ in
 		#	"ddcci-driver"	# Brightness Controll (even on OLEDS)
 		#	"i2c-dev"		# Brightness Controll (even on OLEDS)
 		#];
-		kernelParams = [ "module_blacklist=i915" "nvidia_drm.modeset=1" ];
+		#kernelParams = [ "module_blacklist=i915" "nvidia_drm.modeset=1" ];
 		#kernelPatches = [ {
 		#	name = "hdr";
 		#	patch = null;
@ -38,15 +38,21 @@ in
 		#		AMD_PRIVATE_COLOR y
 		#	'';
 		#	} ];
-		extraModprobeConfig = ''
-			options nvidia_drm modes.et=1 fbdev=1
-			options nvidia NVreg_PreserveVideoMemoryAllocations=1
-		'';
+		#extraModprobeConfig = ''
+		#	options nvidia_drm modes.et=1 fbdev=1
+		#	options nvidia NVreg_PreserveVideoMemoryAllocations=1
+		#'';
 		loader = {
 			efi.canTouchEfiVariables = true;
-			systemd-boot = {
-				consoleMode = "max";
-				memtest86.enable = true;
+			efi.efiSysMountPoint = "/boot";
+			#systemd-boot = {
+			#	consoleMode = "max";
+			#	memtest86.enable = true;
+			#};
+			grub =  {
+				enable = true;
+				efiSupport = true;
+				device = "nodev";
 			};
 		};
 		initrd.systemd.enable = true;
@ -55,11 +61,11 @@ in
 	# Filesystems
 	fileSystems =
 	{
-		"/share" = {
-			options = [
-				"nofail"
-			];
-		};
+		#"/share" = {
+		#	options = [
+		#		"nofail"
+		#	];
+		#};
 	};

 	# Graphics 
@ -67,30 +73,33 @@ in
 		graphics = {
 			enable = true;
 			enable32Bit = true;
+			extraPackages = with pkgs; [
+				vpl-gpu-rt	# newer gpus
+				intel-media-sdk	# older gpus
+			];
 		};	
-		nvidia	= {
-			modesetting.enable = true; # required
-			powerManagement.enable = false; # Experimental
-			open = false; # Support limited to Turing and later: https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
-			nvidiaSettings = true; # accessible via nvidia-settings
-			package = config.boot.kernelPackages.nvidiaPackages.stable;
-		};
+		bluetooth.enable = true;
+		#nvidia	= {
+		#	modesetting.enable = true; # required
+		#	powerManagement.enable = false; # Experimental
+		#	open = false; # Support limited to Turing and later: https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
+		#	nvidiaSettings = true; # accessible via nvidia-settings
+		#	package = config.boot.kernelPackages.nvidiaPackages.stable;
+		#};
 	};

 networking = 
 {
-	hostName = "Zuse1"; # Define your hostname.
-	#nameservers = [
-	#	"127.0.0.1"
-	#	"::1"
-	#	"192.168.178.1"
-	#	"fd00::b2f2:8ff:fe44:3002"
-	#	"2a02:8071:6240:2400:b2f2:8ff:fe44:3002"
-	#	"1.1.1.3"
-	#	"1.0.0.3"
-	#	"2606:4700:4700::1113"
-	#	"2606:4700:4700::1003"
-	#];
+	hostName = "Zuse2"; # Define your hostname
+	networkmanager.enable = true;
+	wireless.userControlled.enable = true;
+	nameservers = [
+		"192.168.178.36"
+		"1.1.1.3"
+		#"1.0.0.3"
+		#"2606:4700:4700::1113"
+		#"2606:4700:4700::1003"
+	];
 };
  # Pick only one of the below networking options.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
@ -117,13 +126,13 @@ networking =
 services.xserver = {
 	enable = true;

-	videoDrivers = [ "nvidia" ];
+	#videoDrivers = [ "nvidia" ];
 	excludePackages = with pkgs; [
 		xterm	# why the fuck is this garbage even shipped?
 	];

 	# Configure keymap in X11
-	xkb.layout = "us";
+	xkb.layout = "de";
 	xkb.options = "eurosign:e,caps:escape";

 	# DWM (minimal Xorg Fallback)
@ -159,6 +168,9 @@ services.gnome.gnome-keyring.enable = true;
 security.pam.services.sddm.enableGnomeKeyring = true;
 security.pam.services.hyprlock.enableGnomeKeyring = true;

+# Bluetooth managment
+services.blueman.enable = true;
+
 # Enable CUPS to print documents.
 services.printing.enable = true;

@ -198,19 +210,31 @@ security.krb5 = {
 	enable = true;
 	settings = {
 		libdefaults = {
-    		default_realm = "UNI-PADERBORN.DE";
+    			default_realm = "UNI-PADERBORN.DE";
+    			#default_realm = "WILZER.XYZ";
 			forwardable = true;
 			ticket_lifetime = "10h";
 			renew_lifetime = "7d";
 			dns_lookup_realm = true;
 			dns_lookup_kdc = true;
 		};
+		realms = {
+			"WILZER.XYZ" = {
+				admin_server = "kerberos.wilzer.xyz";
+				kdc = "kerberos.wilzer.xyz";
+			};
+		};
+		domain_realm = {
+			"wilzer.xyz" = "WILZER.XYZ";
+			".wilzer.xyz" = "WILZER.XYZ";
+		};
 	};
 };

  # Enable touchpad support (enabled default in most desktopManager).
  # services.libinput.enable = true;

+
 # /share
 users.groups.share = {};

@ -247,6 +271,13 @@ systemd.tmpfiles.rules = [
 	shell = pkgs.zsh;
  };

+  users.users.kiosk = {
+  	isNormalUser = true;
+	home = "/var/kiosk";
+	homeMode = "700";
+	extraGroups = ["audio"];
+  };
+
 # Font Config
 fonts =  {
 	enableDefaultPackages = true;
@ -290,14 +321,6 @@ environment.sessionVariables = rec {
 	];
 };

-environment.etc.crypttab = {
-	mode = "0600";
-	text = ''
-	# <volume-name> <encrypted-device> [key-file] [options]
-	swap	/dev/disk/by-uuid/48a41300-6d83-4968-9248-a819d17fee3c - tpm2-device=auto
-	'';
-};
-
  # List packages installed in system profile. To search, run:
  # $ nix search wget
 	nixpkgs.config.allowUnfree = true;
@ -315,6 +338,7 @@ environment.etc.crypttab = {
      		#backgroundbin = "$XDG_PICTURES_DIR/Wallpapers/current";
      		loginBackground = true;
      		})
+		networkmanagerapplet # Network Manager GUI
 	];
 	
 	programs = {
@ -358,7 +382,9 @@ programs.gnupg.agent = {
 	enableSSHSupport = true;
 };

-security.polkit.extraConfig = ''
+security.polkit = {
+	enable = true;
+	extraConfig = ''
    polkit.addRule(function(action, subject) {
      if (
        subject.isInGroup("users")
@ -374,23 +400,7 @@ security.polkit.extraConfig = ''
      }
    })
  '';
-
-systemd.user.services =
-{
-	polkit-gnome-authentication-agent-1 = {
-			description = "polkit-gnome-authentication-agent-1";
-			wantedBy = [ "graphical-session.target" ];
-			wants = [ "graphical-session.target" ];
-			after = [ "graphical-session.target" ];
-			serviceConfig = {
-			Type = "simple";
-			ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
-			Restart = "on-failure";
-			RestartSec = 1;
-			TimeoutStopSec = 10;
-		};
-	};
-};
+  };

 system.userActivationScripts.linktosharedfolder.text = ''
  if [[ ! -h "$XDG_MUSIC_DIR" ]]; then
--- a/flake.lock
+++ b/flake.lock
@ -2,11 +2,11 @@
  "nodes": {
    "crane": {
      "locked": {
-        "lastModified": 1730652660,
-        "narHash": "sha256-+XVYfmVXAiYA0FZT7ijHf555dxCe+AoAT5A6RU+6vSo=",
+        "lastModified": 1741148495,
+        "narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "a4ca93905455c07cb7e3aca95d4faf7601cba458",
+        "rev": "75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53",
        "type": "github"
      },
      "original": {
@ -18,11 +18,11 @@
    "flake-compat": {
      "flake": false,
      "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "lastModified": 1733328505,
+        "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
        "owner": "edolstra",
        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
        "type": "github"
      },
      "original": {
@ -39,11 +39,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1730504689,
-        "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
+        "lastModified": 1740872218,
+        "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "506278e768c2a08bec68eb62932193e341f55c90",
+        "rev": "3876f6b87db82f33775b1ef5ea343986105db764",
        "type": "github"
      },
      "original": {
@ -86,11 +86,11 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1731941836,
-        "narHash": "sha256-zpmAzrvK8KdssBSwiIwwRxaUJ77oWORbW0XFvgCFpTE=",
+        "lastModified": 1741442524,
+        "narHash": "sha256-tVcxLDLLho8dWcO81Xj/3/ANLdVs0bGyCPyKjp70JWk=",
        "owner": "nix-community",
        "repo": "lanzaboote",
-        "rev": "2f48272f34174fd2a5ab3df4d8a46919247be879",
+        "rev": "d8099586d9a84308ffedac07880e7f07a0180ff4",
        "type": "github"
      },
      "original": {
@ -101,11 +101,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1732521221,
-        "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=",
+        "lastModified": 1743964447,
+        "narHash": "sha256-nEo1t3Q0F+0jQ36HJfbJtiRU4OI+/0jX/iITURKe3EE=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d",
+        "rev": "063dece00c5a77e4a0ea24e5e5a5bd75232806f8",
        "type": "github"
      },
      "original": {
@ -115,22 +115,6 @@
        "type": "github"
      }
    },
-    "nixpkgs-stable": {
-      "locked": {
-        "lastModified": 1720386169,
-        "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-24.05",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
    "pre-commit-hooks-nix": {
      "inputs": {
        "flake-compat": [
@ -141,15 +125,14 @@
        "nixpkgs": [
          "lanzaboote",
          "nixpkgs"
-        ],
-        "nixpkgs-stable": "nixpkgs-stable"
+        ]
      },
      "locked": {
-        "lastModified": 1730302582,
-        "narHash": "sha256-W1MIJpADXQCgosJZT8qBYLRuZls2KSiKdpnTVdKBuvU=",
+        "lastModified": 1740915799,
+        "narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "af8a16fe5c264f5e9e18bcee2859b40a656876cf",
+        "rev": "42b1ba089d2034d910566bf6b40830af6b8ec732",
        "type": "github"
      },
      "original": {
@ -172,11 +155,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1730601085,
-        "narHash": "sha256-Sgax33jGuvVHTjl1P78IwzlhAGyOxtx5Q26inKja8S4=",
+        "lastModified": 1741228283,
+        "narHash": "sha256-VzqI+k/eoijLQ5am6rDFDAtFAbw8nltXfLBC6SIEJAE=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "8d1b40f8dfd7539aaa3de56e207e22b3cc451825",
+        "rev": "38e9826bc4296c9daf18bc1e6aa299f3e932a403",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -38,6 +38,12 @@
          })
        ];
      };
+      Zuse2 = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+      	modules = [
+		./configuration.nix
+	];
+      };
    };
  };
 }
--- a/hardware-configuration.nix
+++ b/hardware-configuration.nix
@ -8,33 +8,30 @@
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];

-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "rtsx_pci_sdmmc" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/2ba31f86-69eb-448c-a224-7bb228803f95";
+    { device = "/dev/disk/by-uuid/445ce2b5-db78-48b5-bde7-1aa3057bafae";
      fsType = "btrfs";
    };

-  boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/b9457757-75bc-494e-adaa-87d772b93cbd";
+  fileSystems."/var/lib/docker/btrfs" =
+    { device = "/var/lib/docker/btrfs";
+      fsType = "none";
+      options = [ "bind" ];
+    };

  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/12CE-A600";
+    { device = "/dev/disk/by-uuid/3139-13CA";
      fsType = "vfat";
      options = [ "fmask=0022" "dmask=0022" ];
    };

-  fileSystems."/share" =
-    { device = "/dev/disk/by-uuid/61d599a8-170a-4e97-abb3-cd0cb32edac2";
-      fsType = "btrfs";
-    };
-
-  boot.initrd.luks.devices."share".device = "/dev/disk/by-uuid/87aa812d-b5dd-44b7-bb4d-303d6ac7c11a";
-
  swapDevices =
-    [ { device = "/dev/disk/by-uuid/a07a0f5b-012b-4b37-b052-8e2da8615413"; }
+    [ { device = "/dev/disk/by-uuid/4fc7c055-f053-4bfa-a609-58ad9444450f"; }
    ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@ -42,7 +39,9 @@
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.docker0.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
Author	SHA1	Message	Date
Leon Wilzer	30bdbebdda	update	2025-04-08 15:07:24 +02:00
Leon Wilzer	ae304c6902	update	2024-12-25 16:28:38 +01:00
Leon Wilzer	d341f7280b	multisystem init	2024-12-05 20:09:11 +01:00