Compare commits

..

3 Commits

Author SHA1 Message Date
30bdbebdda update 2025-04-08 15:07:24 +02:00
ae304c6902 update 2024-12-25 16:28:38 +01:00
d341f7280b multisystem init 2024-12-05 20:09:11 +01:00
5 changed files with 140 additions and 193 deletions

0
.gitmodules vendored Normal file
View File

View File

@ -23,14 +23,14 @@ in
# Use the systemd-boot EFI boot loader.
boot = {
kernelPackages = pkgs.linuxPackages_zen;
extraModulePackages = [
config.boot.kernelPackages.ddcci-driver # ddcci-driver
];
kernelModules = [
"ddcci-driver" # Brightness Controll (even on OLEDS)
"i2c-dev" # Brightness Controll (even on OLEDS)
];
kernelParams = [ "module_blacklist=i915" "nvidia_drm.modeset=1" ];
#extraModulePackages = [
# config.boot.kernelPackages.ddcci-driver # ddcci-driver
#];
#kernelModules = [
# "ddcci-driver" # Brightness Controll (even on OLEDS)
# "i2c-dev" # Brightness Controll (even on OLEDS)
#];
#kernelParams = [ "module_blacklist=i915" "nvidia_drm.modeset=1" ];
#kernelPatches = [ {
# name = "hdr";
# patch = null;
@ -38,32 +38,34 @@ in
# AMD_PRIVATE_COLOR y
# '';
# } ];
extraModprobeConfig = ''
options nvidia_drm modes.et=1 fbdev=1
options nvidia NVreg_PreserveVideoMemoryAllocations=1
'';
#extraModprobeConfig = ''
# options nvidia_drm modes.et=1 fbdev=1
# options nvidia NVreg_PreserveVideoMemoryAllocations=1
#'';
loader = {
efi.canTouchEfiVariables = true;
systemd-boot = {
consoleMode = "max";
memtest86.enable = true;
efi.efiSysMountPoint = "/boot";
#systemd-boot = {
# consoleMode = "max";
# memtest86.enable = true;
#};
grub = {
enable = true;
efiSupport = true;
device = "nodev";
};
};
initrd.systemd.enable = true;
kernel.sysctl = {
"kernel.perf_event_paranoid" = true;
"kernel.kptr_restrict" = false;
};
};
# Filesystems
fileSystems =
{
"/share" = {
options = [
"nofail"
];
};
#"/share" = {
# options = [
# "nofail"
# ];
#};
};
# Graphics
@ -71,33 +73,38 @@ in
graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [
vpl-gpu-rt # newer gpus
intel-media-sdk # older gpus
];
};
nvidia = {
modesetting.enable = true; # required
powerManagement.enable = false; # Experimental
open = false; # Support limited to Turing and later: https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
nvidiaSettings = true; # accessible via nvidia-settings
package = config.boot.kernelPackages.nvidiaPackages.latest;
};
bluetooth.enable = true;
#nvidia = {
# modesetting.enable = true; # required
# powerManagement.enable = false; # Experimental
# open = false; # Support limited to Turing and later: https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# nvidiaSettings = true; # accessible via nvidia-settings
# package = config.boot.kernelPackages.nvidiaPackages.stable;
#};
};
networking =
{
hostName = "Zuse1"; # Define your hostname.
hostName = "Zuse2"; # Define your hostname
networkmanager.enable = true;
wireless.userControlled.enable = true;
nameservers = [
"192.168.178.36"
"1.1.1.3"
"1.0.0.3"
"2606:4700:4700::1113"
"2606:4700:4700::1003"
#"1.0.0.3"
#"2606:4700:4700::1113"
#"2606:4700:4700::1003"
];
networkmanager = {
enable = true;
#dns = "none";
};
#useDHCP = false;
#dhcpcd.enable = false;
#firewall.checkReversePath = false; # Needed to route all traffic through WireGuard
};
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Berlin";
@ -119,13 +126,13 @@ networking =
services.xserver = {
enable = true;
videoDrivers = [ "nvidia" ];
#videoDrivers = [ "nvidia" ];
excludePackages = with pkgs; [
xterm # why the fuck is this garbage even shipped?
];
# Configure keymap in X11
xkb.layout = "us";
xkb.layout = "de";
xkb.options = "eurosign:e,caps:escape";
# DWM (minimal Xorg Fallback)
@ -150,21 +157,20 @@ services.displayManager.sddm =
enable = true;
autoNumlock = true; # Enable NumLock at login
wayland.enable = true;
settings = {
Autologin = {
Session = "hyprland-systemd.desktop";
};
};
theme = "catppuccin-mocha";
package = pkgs.kdePackages.sddm;
};
services.xserver.displayManager.startx.enable = true;
services.desktopManager.plasma6.enable = true;
# GNOME Keyring
services.gnome.gnome-keyring.enable = true;
security.pam.services.sddm.enableGnomeKeyring = true;
security.pam.services.hyprlock.enableGnomeKeyring = true;
# Bluetooth managment
services.blueman.enable = true;
# Enable CUPS to print documents.
services.printing.enable = true;
@ -191,11 +197,6 @@ services.transmission = {
webHome = pkgs.flood-for-transmission;
};
services.jellyfin = {
enable = true;
openFirewall = true;
};
# (p)locate, quickly find files
services.locate.package = {
enable = true;
@ -209,19 +210,31 @@ security.krb5 = {
enable = true;
settings = {
libdefaults = {
default_realm = "UNI-PADERBORN.DE";
default_realm = "UNI-PADERBORN.DE";
#default_realm = "WILZER.XYZ";
forwardable = true;
ticket_lifetime = "10h";
renew_lifetime = "7d";
dns_lookup_realm = true;
dns_lookup_kdc = true;
};
realms = {
"WILZER.XYZ" = {
admin_server = "kerberos.wilzer.xyz";
kdc = "kerberos.wilzer.xyz";
};
};
domain_realm = {
"wilzer.xyz" = "WILZER.XYZ";
".wilzer.xyz" = "WILZER.XYZ";
};
};
};
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# /share
users.groups.share = {};
@ -233,13 +246,11 @@ users.groups.i2c = {};
# Create or adjust /share and /steam
systemd.tmpfiles.rules = [
"q /steam 774 root steam"
"q /steam 774 root steam"
"Z /steam 774 - steam"
"v /share 774 root share"
"v /share 774 root share"
"Z /share 774 - share"
"q /share/Media 775 jellyfin share"
"Z /share/Media 775 jellyfin share"
"q /home/leon/Downloads 770 leon users 1d"
"q /home/leon/Downloads 770 leon users 1d"
];
# Define a user account. Don't forget to set a password with passwd.
@ -256,20 +267,15 @@ systemd.tmpfiles.rules = [
"docker" # Docker Root
"libvirtd" # virtualization
"transmission" # Linux Torrents
"networkmanager" # Configure Networking
];
shell = pkgs.zsh;
};
users.users.leila = {
isNormalUser = true;
extraGroups = [
"steam" # /steam
"audio" # audio
"video" # video
"i2c" # needed for ddcci
];
shell = pkgs.bash;
users.users.kiosk = {
isNormalUser = true;
home = "/var/kiosk";
homeMode = "700";
extraGroups = ["audio"];
};
# Font Config
@ -277,7 +283,7 @@ fonts = {
enableDefaultPackages = true;
packages = with pkgs; [
fira # My favorite font
nerd-fonts.fira-code # My favorite programming font
fira-code-nerdfont # My favorite programming font
fira-code-symbols # My favorite programming glyphs
fira-math # My favorite math font
];
@ -315,31 +321,30 @@ environment.sessionVariables = rec {
];
};
environment.etc.crypttab = {
mode = "0600";
text = ''
# <volume-name> <encrypted-device> [key-file] [options]
swap /dev/disk/by-uuid/48a41300-6d83-4968-9248-a819d17fee3c - tpm2-device=auto
'';
};
# List packages installed in system profile. To search, run:
# $ nix search wget
nixpkgs.config.allowUnfree = true;
#nixpkgs.config.segger-jlink.acceptLicense = true;
environment.systemPackages = with pkgs; [
xorg.xauth # Dependency of startx (??)
home-manager # Nix's Home-Manager
egl-wayland # NVIDIA compat
nvidia-vaapi-driver # NVIDIA compat
networkmanagerapplet # Network Manager Applet
xorg.xauth # Dependency of startx (??)
home-manager # Nix's Home-Manager
egl-wayland # NVIDIA compat
nvidia-vaapi-driver # NVIDIA compat
catppuccin-cursors.mochaDark # Catppuccin Mouse Cursors
(catppuccin-sddm.override {
flavor = "mocha";
font = "Fira Sans";
fontSize = "9";
#backgroundbin = "$XDG_PICTURES_DIR/Wallpapers/current";
loginBackground = true;
})
networkmanagerapplet # Network Manager GUI
];
programs = {
hyprland = {
enable = true;
xwayland.enable = true;
withUWSM = true;
};
steam = {
enable = true;
@ -358,7 +363,7 @@ environment.etc.crypttab = {
];
};
virt-manager.enable = true;
#seahorse.enable = true; # managed by plasma6
seahorse.enable = true;
zsh.enable = true;
neovim.enable = true;
git.enable = true;
@ -373,11 +378,13 @@ environment.etc.crypttab = {
# started in user sessions.
# programs.mtr.enable = true;
programs.gnupg.agent = {
enable = false;
enableSSHSupport = false;
enable = true;
enableSSHSupport = true;
};
security.polkit.extraConfig = ''
security.polkit = {
enable = true;
extraConfig = ''
polkit.addRule(function(action, subject) {
if (
subject.isInGroup("users")
@ -393,23 +400,7 @@ security.polkit.extraConfig = ''
}
})
'';
systemd.user.services =
{
polkit-gnome-authentication-agent-1 = {
description = "polkit-gnome-authentication-agent-1";
wantedBy = [ "graphical-session.target" ];
wants = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
};
};
system.userActivationScripts.linktosharedfolder.text = ''
if [[ ! -h "$XDG_MUSIC_DIR" ]]; then
@ -428,17 +419,6 @@ virtualisation.docker = {
virtualisation.libvirtd.enable = true;
catppuccin = {
enable = true;
accent = "blue";
sddm = {
enable = true;
font = "Fira Sans";
fontSize = "9";
loginBackground = true;
background = "/home/leon/Pictures/Wallpapers/current";
};
};
# Man pages
documentation.dev.enable = true;
@ -459,6 +439,12 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.

73
flake.lock generated
View File

@ -1,30 +1,12 @@
{
"nodes": {
"catppuccin": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1739934729,
"narHash": "sha256-PcrLk10meIJICzUJqtCMOJxoITzbH52fZg2XAB7SSsM=",
"owner": "catppuccin",
"repo": "nix",
"rev": "b1ff2a638afa827f1473498190a2c1cae1cf41cf",
"type": "github"
},
"original": {
"owner": "catppuccin",
"repo": "nix",
"type": "github"
}
},
"crane": {
"locked": {
"lastModified": 1739936662,
"narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=",
"lastModified": 1741148495,
"narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=",
"owner": "ipetkov",
"repo": "crane",
"rev": "19de14aaeb869287647d9461cbd389187d8ecdb7",
"rev": "75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53",
"type": "github"
},
"original": {
@ -57,11 +39,11 @@
]
},
"locked": {
"lastModified": 1738453229,
"narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
"lastModified": 1740872218,
"narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
"rev": "3876f6b87db82f33775b1ef5ea343986105db764",
"type": "github"
},
"original": {
@ -104,11 +86,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1741001137,
"narHash": "sha256-XxWib5eI3rgMPA4VzDHOx89WT76IN/ZNb+votz5gakw=",
"lastModified": 1741442524,
"narHash": "sha256-tVcxLDLLho8dWcO81Xj/3/ANLdVs0bGyCPyKjp70JWk=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "cc9786aa8158437facead0d8e21ac0c03be91dc8",
"rev": "d8099586d9a84308ffedac07880e7f07a0180ff4",
"type": "github"
},
"original": {
@ -119,27 +101,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1736012469,
"narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1741173522,
"narHash": "sha256-k7VSqvv0r1r53nUI/IfPHCppkUAddeXn843YlAC5DR0=",
"lastModified": 1743964447,
"narHash": "sha256-nEo1t3Q0F+0jQ36HJfbJtiRU4OI+/0jX/iITURKe3EE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d69ab0d71b22fa1ce3dbeff666e6deb4917db049",
"rev": "063dece00c5a77e4a0ea24e5e5a5bd75232806f8",
"type": "github"
},
"original": {
@ -162,11 +128,11 @@
]
},
"locked": {
"lastModified": 1737465171,
"narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=",
"lastModified": 1740915799,
"narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17",
"rev": "42b1ba089d2034d910566bf6b40830af6b8ec732",
"type": "github"
},
"original": {
@ -177,9 +143,8 @@
},
"root": {
"inputs": {
"catppuccin": "catppuccin",
"lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs"
}
},
"rust-overlay": {
@ -190,11 +155,11 @@
]
},
"locked": {
"lastModified": 1740364262,
"narHash": "sha256-X5EtT29uEtXN2E4bDiDU2HGBdmFHjHf1KbP6iKP0cmg=",
"lastModified": 1741228283,
"narHash": "sha256-VzqI+k/eoijLQ5am6rDFDAtFAbw8nltXfLBC6SIEJAE=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "7c5892ad87b90d72668964975eebd4e174ff6204",
"rev": "38e9826bc4296c9daf18bc1e6aa299f3e932a403",
"type": "github"
},
"original": {

View File

@ -3,7 +3,6 @@
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
catppuccin.url = "github:catppuccin/nix";
lanzaboote = {
url = "github:nix-community/lanzaboote";
@ -12,14 +11,13 @@
};
};
outputs = inputs@{ nixpkgs, lanzaboote, catppuccin, ... }: {
outputs = inputs@{ nixpkgs, lanzaboote, ... }: {
nixosConfigurations = {
Zuse1 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./configuration.nix
lanzaboote.nixosModules.lanzaboote
catppuccin.nixosModules.catppuccin
({ pkgs, lib, ... }: {
environment.systemPackages = [
@ -40,6 +38,12 @@
})
];
};
Zuse2 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./configuration.nix
];
};
};
};
}

View File

@ -8,39 +8,30 @@
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/2ba31f86-69eb-448c-a224-7bb228803f95";
{ device = "/dev/disk/by-uuid/445ce2b5-db78-48b5-bde7-1aa3057bafae";
fsType = "btrfs";
};
boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/b9457757-75bc-494e-adaa-87d772b93cbd";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/12CE-A600";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/share" =
{ device = "/dev/disk/by-uuid/61d599a8-170a-4e97-abb3-cd0cb32edac2";
fsType = "btrfs";
};
boot.initrd.luks.devices."share".device = "/dev/disk/by-uuid/87aa812d-b5dd-44b7-bb4d-303d6ac7c11a";
fileSystems."/var/lib/docker/btrfs" =
{ device = "/var/lib/docker/btrfs";
fsType = "none";
options = [ "bind" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/3139-13CA";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/a07a0f5b-012b-4b37-b052-8e2da8615413"; }
[ { device = "/dev/disk/by-uuid/4fc7c055-f053-4bfa-a609-58ad9444450f"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@ -50,6 +41,7 @@
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;