nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of ssh://git.nx2.site:20022/nx2/dotfiles

Browse Source
This commit is contained in:
Lennart J. Kurzweg (Nx2)
2024-07-28 17:19:29 +02:00
parent 73b0e338fc 4b42af4523
commit 5d1d2c49e5
23 changed files with 857 additions and 955 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
system-modules/boot.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, lib, host, inputs, ... }:
{ config, pkgs, pkgs-unstable, lib, host, inputs, ... }:
let
grub-theme-ascii-diana = (pkgs.fetchFromGitea {
domain = "git.nx2.site";
@@ -76,7 +76,7 @@ in
# '';
# };
};
# kernelPackages = pkgs.linuxPackages_latest;
kernelPackages = pkgs-unstable.linuxPackages_zen;
extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
kernelModules = [ "v4l2loopback" ];
extraModprobeConfig = ''options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1'';

4
system-modules/davmail.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, pkgs, user, allowed, secrets, ... }:
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
@@ -43,4 +43,4 @@
davmail.enableKerberos = false;
};
};
}
}

37
system-modules/hsmw.nix
View File

@@ -1,24 +1,31 @@
{ pkgs, lib, host, secrets, ... }:
lib.mkIf (host != "NxACE")
{
environment.systemPackages = [
pkgs.strongswanNM
environment.systemPackages = with pkgs; [
strongswanNM
];
environment.etc = {
# Easyroam
"ssl/certs/easyroam_client_cert.pem".source = ../secrets/easyroam-hsmw/easyroam_client_cert.pem;
"ssl/certs/easyroam_root_ca.pem".source = ../secrets/easyroam-hsmw/easyroam_root_ca.pem;
"ssl/certs/easyroam_client_key.pem".source = ../secrets/easyroam-hsmw/easyroam_client_key.pem;
"NetworkManager/system-connections/eduroam.nmconnection" = {
text = secrets.easyroamHSMW.nmconfig;
mode = "0600";
};
# # Easyroam
# "ssl/certs/easyroam_client_cert.pem".source = ../secrets/easyroam-hsmw/easyroam_client_cert.pem;
# "ssl/certs/easyroam_root_ca.pem".source = ../secrets/easyroam-hsmw/easyroam_root_ca.pem;
# "ssl/certs/easyroam_client_key.pem".source = ../secrets/easyroam-hsmw/easyroam_client_key.pem;
# "NetworkManager/system-connections/eduroam.nmconnection" = {
# text = secrets.easyroamHSMW.nmconfig;
# mode = "0600";
# };
"ipsec.d/hsmw.secrets".text = ''${secrets.email.hsmw.mail} : EAP "${secrets.email.hsmw.password}"'';
"ipsec.d/USERTrust-ECC.pem".source = ../secrets/vpn-hsmw/USERTrust-ECC-Certification-Authority.pem;
"ipsec.d/USERTrust-RSA.pem".source = ../secrets/vpn-hsmw/USERTrust-RSA-Certification-Authority.pem;
# "ipsec.d/hsmw.secrets".text = ''${secrets.email.hsmw.un}@hs-mittweida.de : EAP "megasecret"'';
# "ipsec.d/USERTrust-ECC.pem".source = ../secrets/vpn-hsmw/USERTrust-ECC-Certification-Authority.pem;
# "ipsec.d/USERTrust-RSA.pem".source = ../secrets/vpn-hsmw/USERTrust-RSA-Certification-Authority.pem;
};
sops.secrets = {
"USERTrust/ECC" = { path = "/etc/ipsec.d/USERTrust-ECC.pem"; };
"USERTrust/RSA" = { path = "/etc/ipsec.d/USERTrust-RSA.pem"; };
"hsmw-vpn-secret" = { path = "/etc/ipsec.d/hsmw.secret"; mode = "600"; };
};
networking.networkmanager.enableStrongSwan = true;
@@ -35,7 +42,7 @@ lib.mkIf (host != "NxACE")
left = "%defaultroute";
leftid = "%any";
leftauth = "eap";
eap_identity = secrets.email.hsmw.mail;
eap_identity = "${secrets.email.hsmw.un}@hs-mittweida.de";
leftsourceip = "%config";
leftdns = "%config4";
leftfirewall = "no";
@@ -73,7 +80,7 @@ lib.mkIf (host != "NxACE")
"openssl"
"resolve"
];
secrets = [ "/etc/ipsec.d/hsmw.secrets" ];
secrets = [ "/etc/ipsec.d/hsmw.secret" ];
ca = {
hsmw = {
auto = "add";

121
system-modules/nvidia.nix
View File

@@ -1,69 +1,68 @@
{ config, pkgs, pkgs-unstable, lib, nvidia, ... }:
{ config, pkgs, lib, nvidia, ... }:
lib.mkIf nvidia.enable
{
config = lib.mkIf nvidia.enable {
environment.systemPackages = with pkgs; [
lshw
glxinfo
(pkgs.writeShellScriptBin "nvidia-offload" ''
export __NV_PRIME_RENDER_OFFLOAD=1
export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
export __GLX_VENDOR_LIBRARY_NAME=nvidia
export __VK_LAYER_NV_optimus=NVIDIA_only
exec "$@"
'')
] ++ [
# pkgs-unstable.nvtopPackages.intel
# pkgs-unstable.nvtopPackages.nvidia
];
environment.systemPackages = with pkgs; [
lshw
glxinfo
(pkgs.writeShellScriptBin "nvidia-offload" ''
export __NV_PRIME_RENDER_OFFLOAD=1
export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
export __GLX_VENDOR_LIBRARY_NAME=nvidia
export __VK_LAYER_NV_optimus=NVIDIA_only
exec "$@"
'')
# ] ++ [
# pkgs-unstable.nvtopPackages.intel
# pkgs-unstable.nvtopPackages.nvidia
];
# Load nvidia driver for Xorg and Wayland
services.xserver.videoDrivers = [ "nvidia" ];
# Load nvidia driver for Xorg and Wayland
services.xserver.videoDrivers = [ "nvidia" ];
hardware = {
nvidia = {
prime = lib.mkIf nvidia.prime {
intelBusId = "PCI:0:2:0";
nvidiaBusId = "PCI:1:0:0";
offload = {
enable = true;
enableOffloadCmd = true;
};
hardware = {
nvidia = {
prime = lib.mkIf nvidia.prime {
intelBusId = "PCI:0:2:0";
nvidiaBusId = "PCI:1:0:0";
offload = {
enable = true;
enableOffloadCmd = true;
};
modesetting.enable = true;
# Modesetting is required.
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = true;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = true;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
modesetting.enable = true;
# Modesetting is required.
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = true;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = nvidia.prime;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.beta;
};
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
};
}

42
system-modules/ollama.nix
View File

@@ -1,46 +1,12 @@
{ pkgs, lib, host, nvidia, ... }:
{ pkgs, pkgs-unstable, lib, host, nvidia, ... }:
let p = pkgs-unstable; in
{
environment.systemPackages = with pkgs; [
environment.systemPackages = with p; [
ollama
];
# services.ollama.environmentVariables = {
# OLLAMA_ORIGINS = "*";
# };
# systemd.services.ollama = {
# environment.OLLAMA_ORIGINS = "*";
# description = "Ollama Service";
# after = [ "network-online.target" "ollama-doesnt-respect-xdg-data-home.service" ];
# serviceConfig = {
# Type = "simple";
# # Environment = "\"XDG_DATA_HOME=/run/current-system/sw/share\"";
# ExecStart = "${pkgs.ollama}/bin/ollama serve";
# User = "ollama";
# Group = "ollama";
# Restart = "always";
# RestartSec = "3";
# };
# wantedBy = [ "default.target" ];
# };
# users.users.ollama = {
# isSystemUser = true;
# home = "/usr/share/ollama";
# shell = "/bin/false";
# group = "ollama";
# };
# users.groups.ollama = {};
# systemd.services.ollama-doesnt-respect-xdg-data-home = {
# wantedBy = ["multi-user.target"];
# script = ''
# mkdir -p /usr/share/ollama/.ollama
# chown ollama:ollama -R /usr/share/ollama
# '';
# };
services.ollama = {
package = p.ollama;
enable = true;
acceleration = lib.mkIf nvidia.enable "cuda";
listenAddress = if host == "NxACE" then "0.0.0.0:11434" else "127.0.0.1:11434";

4
system-modules/sound.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, lib, system, user, allowed, secrets, ... }:
{ config, pkgs, lib, ... }:
{
services.pipewire = {
@@ -9,4 +9,4 @@
# If you want to use JACK applications, uncomment this
jack.enable = true;
};
}
}

4
system-modules/users.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, lib, system, host, user, allowed, secrets, ... }:
{ pkgs, lib, host, user, ... }:
{
users.defaultUserShell = pkgs.bash; # if interactive, itll switch to fish
@@ -10,13 +10,11 @@
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1RPCcS8DtIf75a2FEW4d8X6WTVeLlmretoLqppvZlJ" # From [A] GPG Sub Key
];
packages = with pkgs; []; # all in home.nix
};
users.users.tv = lib.mkIf (host == "NxACE") {
isNormalUser = true;
extraGroups = [ "networkmanager" "audio" "video" "uinput" ];
useDefaultShell = true;
packages = with pkgs; []; # all in home.nix
};