Dandellion/dotfiles
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: Dandellion:master
Branches Tags
Dandellion:master Dandellion:25.11 Dandellion:24.11 Dandellion:23.05
..
compare: Dandellion:25.11
Branches Tags
Dandellion:25.11 Dandellion:master Dandellion:24.11 Dandellion:23.05

10 Commits
master ... 25.11

Author SHA1 Message Date
Daniel Olsen
a199e15e60 25.11 girls are unforgettable 2025-12-17 06:40:37 +01:00
Daniel Olsen
d9928885c8 kadsd 2025-12-10 07:52:57 +01:00
Daniel Olsen
f5a00999bd install fwupd 2025-07-18 00:36:49 +02:00
Daniel Olsen
a32f0ee342 Drop the new 2025-07-16 14:53:56 +02:00
Daniel Olsen
6cfc2b32a7 Rei III 2025-07-16 14:50:44 +02:00
System administrator
a8254832dd audio-and-unlock 2025-07-15 21:24:52 +02:00
Daniel Olsen
fa0dc92c7b jsdnkadn 2025-06-09 02:05:16 +02:00
Daniel Olsen
0d35606184 flake lock bump 2025-05-24 06:50:45 +02:00
Daniel Olsen
c3473320bc soryu: enable bluetooth 2025-05-20 23:36:26 +02:00
Daniel Olsen
cc9ffaf754 girigiri 2025-04-25 23:20:19 +02:00
12 changed files with 702 additions and 267 deletions
Expand all files Collapse all files

80
flake.lock generated
View File

@@ -149,12 +149,15 @@
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@@ -242,16 +245,16 @@
]
},
"locked": {
"lastModified": 1743808813,
"narHash": "sha256-2lDQBOmlz9ggPxcS7/GvcVdzXMIiT+PpMao6FbLJSr0=",
"lastModified": 1765605144,
"narHash": "sha256-RM2xs+1HdHxesjOelxoA3eSvXShC8pmBvtyTke4Ango=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "a9f8b3db211b4609ddd83683f9db89796c7f6ac6",
"rev": "90b62096f099b73043a747348c11dbfcfbdea949",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.11",
"ref": "release-25.11",
"repo": "home-manager",
"type": "github"
}
@@ -358,11 +361,11 @@
]
},
"locked": {
"lastModified": 1713543440,
"narHash": "sha256-lnzZQYG0+EXl/6NkGpyIz+FEOc/DSEG57AP1VsdeNrM=",
"lastModified": 1752054764,
"narHash": "sha256-Ob/HuUhANoDs+nvYqyTKrkcPXf4ZgXoqMTQoCK0RFgQ=",
"owner": "guibou",
"repo": "nixGL",
"rev": "310f8e49a149e4c9ea52f1adf70cdc768ec53f8a",
"rev": "a8e1ce7d49a149ed70df676785b07f63288f53c5",
"type": "github"
},
"original": {
@@ -421,11 +424,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1743420942,
"narHash": "sha256-b/exDDQSLmENZZgbAEI3qi9yHkuXAXCPbormD8CSJXo=",
"lastModified": 1762463231,
"narHash": "sha256-hv1mG5j5PTbnWbtHHomzTus77pIxsc4x8VrMjc7+/YE=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "de6fc5551121c59c01e2a3d45b277a6d05077bc4",
"rev": "52113c4f5cfd1e823001310e56d9c8d0699a6226",
"type": "github"
},
"original": {
@@ -453,16 +456,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1743703532,
"narHash": "sha256-s1KLDALEeqy+ttrvqV3jx9mBZEvmthQErTVOAzbjHZs=",
"lastModified": 1765762245,
"narHash": "sha256-3iXM/zTqEskWtmZs3gqNiVtRTsEjYAedIaLL0mSBsrk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "bdb91860de2f719b57eef819b5617762f7120c70",
"rev": "c8cfcd6ccd422e41cc631a0b73ed4d5a925c393d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.11",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
@@ -531,11 +534,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1743583204,
"narHash": "sha256-F7n4+KOIfWrwoQjXrL2wD9RhFYLs2/GGe/MQY1sSdlE=",
"lastModified": 1751011381,
"narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2c8d3f48d33929642c1c12cd243df4cc7d2ce434",
"rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7",
"type": "github"
},
"original": {
@@ -547,10 +550,12 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 0,
"narHash": "sha256-7PCBQ4aGVF8OrzMkzqtYSKyoQuU2jtpPi4lmABpe5X4=",
"path": "/nix/store/yl6bc4g0axk5z4v0lsz8fzpxkc3yv1jl-source",
"type": "path"
"lastModified": 1762361079,
"narHash": "sha256-lz718rr1BDpZBYk7+G8cE6wee3PiBUpn8aomG/vLLiY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ffcdcf99d65c61956d882df249a9be53e5902ea5",
"type": "github"
},
"original": {
"id": "nixpkgs",
@@ -564,11 +569,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1743848787,
"narHash": "sha256-LyE0Sr3mTb/ElWjueF+Lp6bL2FtJcltREd/qvBM0C04=",
"lastModified": 1751281595,
"narHash": "sha256-y0fShu8oxqjP+LNNZWvxQGdlLkZmnK75nNCe8jfIfN0=",
"owner": "nix-community",
"repo": "NUR",
"rev": "5ec7bc0851c41c90f2b62f976fcbf2a0f6f4a88c",
"rev": "f73c91ffeff4282beb786e4e3de0db037fe07969",
"type": "github"
},
"original": {
@@ -668,6 +673,21 @@
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
@@ -691,11 +711,11 @@
},
"unstable": {
"locked": {
"lastModified": 1743689281,
"narHash": "sha256-y7Hg5lwWhEOgflEHRfzSH96BOt26LaYfrYWzZ+VoVdg=",
"lastModified": 1765644376,
"narHash": "sha256-yqHBL2wYGwjGL2GUF2w3tofWl8qO9tZEuI4wSqbCrtE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2bfc080955153be0be56724be6fa5477b4eefabb",
"rev": "23735a82a828372c4ef92c660864e82fbe2f5fbe",
"type": "github"
},
"original": {

21
flake.nix
View File

@@ -2,9 +2,9 @@
description = "dandellion's home-manager profiles";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
home-manager.url = "github:nix-community/home-manager/release-24.11";
home-manager.url = "github:nix-community/home-manager/release-25.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
@@ -75,11 +75,11 @@
mkHomes = machines: extraArgs: nixlib.genAttrs machines (machine: mkHome ({inherit machine; } // extraArgs));
allMachines = [ "laptop" "desktop" "headless" "pvv-terminal" "ikari" ];
allMachines = [ "ayanami" "desktop" "headless" "pvv-terminal" "ikari" ];
in
{
homeConfigurations = mkHomes [ "laptop" "headless" "ikari" ] { }
homeConfigurations = mkHomes [ "ayanami" "headless" "ikari" ] { }
// mkHomes [ "desktop" ] { username = "dan"; }
// mkHomes [ "pvv-terminal" ] { username = "danio"; homeDirectory = "/home/pvv/d/danio"; };
@@ -90,11 +90,20 @@
inherit inputs;
};
modules = [
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = false;
home-manager.useUserPackages = true;
home-manager.users.daniel = import ./home/machines/ayanami.nix;
home-manager.extraSpecialArgs = {
overlays = defaultOverlays;
};
}
./hosts/ayanami/configuration.nix
nixos-hardware.nixosModules.lenovo-thinkpad-l480
nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2
];
};
soryu-old = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {

31
home/machines/ayanami.nix Normal file
View File

@@ -0,0 +1,31 @@
{ config, lib, pkgs, overlays, ... }:
{
nixpkgs.overlays = overlays;
nixpkgs.config.allowUnfreePredicate = (pkg: true);
nixpkgs.config.allowUnfree = true;
imports = [ ../profiles ];
machine = {
name = "Ayanami";
eth = "enp5s0";
wlan = "wlp3s0";
secondary-fs = null;
};
profiles.base.enable = true;
profiles.base.plus = true;
profiles.xsession.enable = true;
profiles.audio.fancy = true;
profiles.zsh.enable = true;
profiles.games.enable = true;
profiles.timetracking.enable = true;
home.packages = [
pkgs.unstable.osu-lazer-bin
];
home.stateVersion = "24.11";
}

20
home/profiles/audio.nix
View File

@@ -1,7 +1,25 @@
{pkgs, config, lib, ...}:
let
cfg = config.profiles.audio;
audio-plugins = pkgs.symlinkJoin { name = "audio-plugins"; paths = [ pkgs.lsp-plugins pkgs.speech-denoiser ];};
# audio-plugins = pkgs.symlinkJoin {
# name = "audio-plugins";
# stripPrefix = "/lib";
# paths = [
# pkgs.lsp-plugins
# pkgs.rnnoise-plugin
# ];
# };
audio-plugins = pkgs.buildEnv {
name = "audio-plugins";
paths = [
pkgs.lsp-plugins
# pkgs.calf
# pkgs.tal-plugins
pkgs.rnnoise-plugin
];
# pathsToLink = [ "/lib/lv2" "/lib/ladspa" "/lib/clap" "/lib/vst" "/lib/vst3" ];
};
in
{
options.profiles.audio = {

20
home/profiles/base/default.nix
View File

@@ -81,7 +81,7 @@ in
eza
ripgrep
gregctl
# gregctl
# wack
#
unstable.ollama
@@ -92,13 +92,13 @@ in
sxiv
eog
dolphin
plasma5Packages.dolphin-plugins
ffmpegthumbs
plasma5Packages.kdegraphics-thumbnailers
plasma5Packages.kio
plasma5Packages.kio-extras
konsole # https://bugs.kde.org/show_bug.cgi?id=407990 reeee
kdePackages.dolphin
kdePackages.dolphin-plugins
kdePackages.ffmpegthumbs
kdePackages.kdegraphics-thumbnailers
kdePackages.kio
kdePackages.kio-extras
kdePackages.konsole # https://bugs.kde.org/show_bug.cgi?id=407990 reeee
gedit
@@ -111,7 +111,7 @@ in
libreoffice
thunderbird
kdenlive
kdePackages.kdenlive
frei0r
audacity
# inkscape
@@ -336,7 +336,7 @@ in
home.sessionVariables = {
EDITOR = "hx";
GRZEGORZ_DEFAULT_API_BASE = "https://georg.pvv.ntnu.no/api";
GRZEGORZ_DEFAULT_API_BASE = "https://georg-backend.pvv.ntnu.no/api/";
OLLAMA_HOST="100.64.0.19";
};

15
home/profiles/xsession/default.nix
View File

@@ -70,9 +70,9 @@ in
"XF86AudioMicMute" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-source-mute 1 toggle";
# Georg volume controls
"Shift+XF86AudioRaiseVolume" = "exec --no-startup-id ${lib.getExe pkgs.gregctl} set-volume -- +5%";
"Shift+XF86AudioLowerVolume" = "exec --no-startup-id ${lib.getExe pkgs.gregctl} set-volume -- -5%";
"Shift+XF86AudioMute" = "exec --no-startup-id ${lib.getExe pkgs.gregctl} toggle";
# "Shift+XF86AudioRaiseVolume" = "exec --no-startup-id ${lib.getExe pkgs.gregctl} set-volume -- +5%";
# "Shift+XF86AudioLowerVolume" = "exec --no-startup-id ${lib.getExe pkgs.gregctl} set-volume -- -5%";
# "Shift+XF86AudioMute" = "exec --no-startup-id ${lib.getExe pkgs.gregctl} toggle";
"XF86MonBrightnessUp" = "exec --no-startup-id brightnessctl set +5%";
"XF86MonBrightnessDown" = "exec --no-startup-id brightnessctl set 5%-";
@@ -147,11 +147,12 @@ in
gtk = {
enable = true;
theme = {
package = pkgs.breeze-gtk;
# package = pkgs.breeze-gtk;
package = pkgs.kdePackages.breeze-gtk;
name = "Breeze";
};
iconTheme = {
package = pkgs.breeze-icons;
package = pkgs.kdePackages.breeze-icons;
name = "breeze";
};
};
@@ -181,8 +182,8 @@ in
pkgs.source-code-pro
pkgs.breeze-qt5
pkgs.breeze-icons
pkgs.kdePackages.breeze-gtk
pkgs.kdePackages.breeze-icons
];
};
}

36
hosts/asuka/soryu/ai-container.nix Normal file
View File

@@ -0,0 +1,36 @@
{ config, lib, pkgs, ... }:
{
systemd.nspawn.ubuntu-ai = {
execConfig = {
Boot = true;
};
networkConfig = {
Private = false;
};
filesConfig = {
BindReadOnly = [
"/etc/resolv.conf:/etc/resolv.conf"
];
Bind = [
"/dev/dri:/dev/dri"
"/dev/kfd:/dev/kfd"
"/mnt/human/sd:/sd:idmap"
];
};
};
systemd.services."systemd-nspawn@ubuntu-ai" = {
environment = {
SYSTEMD_NSPAWN_TMPFS_TMP = "0";
};
serviceConfig = {
CPUQuota = "1400%";
MemoryHigh = "90G";
MemoryMax = "94G";
MemorySwapMax = "40G";
ExecStart = "systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth -U --settings=override --machine=%i -D /mnt/human/machines/ubuntu-ai";
};
# overrideStrategy = "asDropin";
};
}

41
hosts/asuka/soryu/configuration.nix
View File

@@ -10,6 +10,7 @@
./hardware-configuration.nix
# ./wack.nix
./ollama.nix
./ai-container.nix
../../common/builder.nix
];
@@ -34,6 +35,24 @@
};
};
boot.kernelParams = [ "ip=dhcp" ];
boot.initrd.availableKernelModules = [ "r8169" ];
boot.initrd.network.enable = true;
boot.initrd.network.ssh = {
enable = true;
port = 22;
authorizedKeys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp8iMOx3eTiG5AmDh2KjKcigf7xdRKn9M7iZQ4RqP0np0UN2NUbu+VAMJmkWFyi3JpxmLuhszU0F1xY+3qM3ARduy1cs89B/bBE85xlOeYhcYVmpcgPR5xduS+TuHTBzFAgp+IU7/lgxdjcJ3PH4K0ruGRcX1xrytmk/vdY8IeSk3GVWDRrRbH6brO4cCCFjX0zJ7G6hBQueTPQoOy3jrUvgpRkzZY4ZCuljXtxbuX5X/2qWAkp8ca0iTQ5FzNA5JUyj+DWeEzjIEz6GrckOdV2LjWpT9+CtOqoPZOUudE1J9mJk4snNlMQjE06It7Kr50bpwoPqnxjo7ZjlHFLezl"
];
hostKeys = [
"/etc/secrets/initrd/ssh_host_rsa_key"
"/etc/secrets/initrd/ssh_host_ed25519_key"
];
shell = "/bin/cryptsetup-askpass";
};
hardware.bluetooth.enable = true;
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
boot.kernelPackages = pkgs.linuxPackages_latest;
@@ -113,14 +132,10 @@
networking.firewall.allowedUDPPorts = [ config.services.murmur.port ];
# Enable CUPS to print documents.
# services.printing.enable = true;
security.rtkit.enable = true;
security.rtkit.enable = false; # Enable again when mumble is fixed
services.pipewire = {
enable = true;
extraLv2Packages = [ pkgs.rnnoise-plugin.lv2 ];
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
@@ -163,11 +178,18 @@
services.xserver.xkb.layout = "no";
# services.xserver.xkbOptions = "eurosign:e";
i18n = {
defaultLocale = "nb_NO.UTF-8";
extraLocales = [ "en_US.UTF-8/UTF-8" "nn_NO.UTF-8/UTF-8" ];
extraLocaleSettings = {
LC_COLLATE = "nb_NO.UTF-8";
LC_MESSAGES = "en_US.UTF-8";
};
};
services.xserver.displayManager.lightdm.enable = true;
services.xserver.videoDrivers = ["amdgpu"];
programs.zsh.enable = true;
virtualisation.docker.enable = true;
@@ -177,8 +199,6 @@
# networking.nameservers = lib.mkForce [ "192.168.0.25" ];
# services.ipfs.enable = true;
# services.ipfs.gatewayAddress = "/ip4/127.0.0.1/tcp/5002";
@@ -203,5 +223,4 @@
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "24.11"; # Did you read the comment?
}

261
hosts/ayanami-old/configuration.nix Normal file
View File

@@ -0,0 +1,261 @@
#n Edit this configuration file to define what should be installed on your system.
# Help is available in the configuration.nix(5) man page and in the NixOS manual
# (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
];
networking.hosts = {
# "10.10.111.103" = [ "snowbell.htb" "legacy.snowbell.htb" "management.snowbell.htb" ];
};
services.restic.backups."main" = {
repositoryFile = "/root/restic-main-repo";
passwordFile = "/root/restic-main-password";
pruneOpts = [
"--keep-last 2"
"--keep-within 3d"
"--keep-daily 7"
"--keep-weekly 5"
"--keep-monthly 12"
"--keep-yearly 5"
];
paths = [
"/home/daniel"
"/var/lib"
];
exclude = [
"/home/*/.cache"
"/home/*/.local/share/Trash"
"/home/*/.cargo"
"/home/*/.local/share/Steam/*"
"!/home/*/.local/share/Steam/compatdata"
"/home/*/mnt"
];
extraBackupArgs = [
"--one-file-system"
];
};
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
virtualisation.podman.enable = true;
virtualisation.libvirtd.enable = true;
programs.dconf.enable = true;
programs.wireshark.enable = true;
programs.wireshark.package = pkgs.wireshark;
services.mysql.enable = true;
services.mysql.package = pkgs.mariadb;
services.mysql.settings.mysqld = {
bind-address = "127.0.0.1";
port = 3306;
};
services.mysql.ensureUsers = [
{
name = "daniel";
ensurePermissions = {
"lab1.*" = "ALL PRIVILEGES";
"lab2.*" = "ALL PRIVILEGES";
"lab3.*" = "ALL PRIVILEGES";
"lab4.*" = "ALL PRIVILEGES";
"lab5.*" = "ALL PRIVILEGES";
};
}
];
# services.create_ap.enable = false;
# services.create_ap.settings = {
# INTERNET_IFACE = "enp0s31f6";
# PASSPHRASE = "12345678";
# SSID = "DOTA2ERBEST";
# WIFI_IFACE = "wlp5s0";
# MAC_FILTER = 0;
# HIDDEN = 0;
# };
boot.kernelModules = [ "v4l2loopback" ];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "ayanami"; # Define your hostname.
networking.networkmanager.enable = true;
hardware.bluetooth.enable = true;
services.blueman.enable = true;
# Set your time zone.
time.timeZone = "Europe/Oslo";
services.tailscale.enable = true;
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.enp0s31f6.useDHCP = false;
networking.interfaces.wlp5s0.useDHCP = false;
services.avahi.enable = false;
# services.atftpd = {
# enable = false;
# };
# Select internationalisation properties.
i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" "nb_NO.UTF-8/UTF-8" ];
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_TIME = "nb_NO.UTF-8";
LC_PAPER = "nb_NO.UTF-8";
LC_NAME = "nb_NO.UTF-8";
LC_ADDRESS = "nb_NO.UTF-8";
LC_TELEPHONE = "nb_NO.UTF-8";
LC_MEASUREMENT = "nb_NO.UTF-8";
LC_IDENTIFICATION = "nb_NO.UTF-8";
};
console = {
font = "Lat2-Terminus16";
keyMap = "no-latin1";
};
services.xserver.displayManager.lightdm.enable = true;
services.displayManager.defaultSession = "xsession";
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.displayManager = {
session = [
{
manage = "desktop";
name = "xsession";
start = "exec $HOME/.xsession";
}
];
};
# Disable cups we will just not print anything :))
services.printing.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
hardware.opengl.driSupport32Bit = true;
hardware.opengl.extraPackages = with pkgs; [ libva ];
# Enable touchpad support (enabled default in most desktopManager).
services.libinput.enable = true;
services.xserver.xkb.layout = "no";
programs.zsh.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.daniel = {
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = [ "wheel" "networkmanager" "wireshark" "libvirtd" ];
};
environment.systemPackages = with pkgs; [
vim
git
wget
virt-manager
podman-compose
];
services.dbus.packages = with pkgs; [ pkgs.dconf ];
services.openssh.enable = true;
services.openssh.openFirewall = false;
networking.firewall.interfaces."tailscale0" = let
all = { from = 0; to = 65535; };
in {
allowedUDPPortRanges = [ all ];
allowedTCPPortRanges = [ all ];
};
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 69 8010 9090 ];
networking.firewall.allowedUDPPorts = [ 69 8010 9090 ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
nix.settings.trusted-users = [ "daniel" ];
nix.buildMachines = [
{ hostName = "soryu";
system = "x86_64-linux";
maxJobs = 16;
supportedFeatures = [ "big-parallel" ];
speedFactor = 66317;
}
# { hostName = "bob.pvv.ntnu.no";
# system = "x86_64-linux";
# maxJobs = 12;
# supportedFeatures = [ "big-parallel" ];
# speedFactor = 129270;
# }
# { hostName = "bolle.pbsds.net";
# system = "x86_64-linux";
# maxJobs = 6;
# speedFactor = 12857;
# }
# { hostName = "garp.pbsds.net";
# system = "x86_64-linux";
# maxJobs = 4;
# # i7-6700
# speedFactor = 8088;
# }
# { hostName = "lilith";
# system = "x86_64-linux";
# maxJobs = 6;
# #speedFactor = 13199;
# speedFactor = 6000;
# }
# {
# hostName = "isvegg.pvv.ntnu.no";
# system = "x86_64-linux";
# maxJobs = 4;
# speedFactor = 4961;
# supportedFeatures = [ "big-parallel" ];
# mandatoryFeatures = [ ];
# }
];
nix.distributedBuilds = true;
nix.extraOptions = ''
builders-use-substitutes = true
experimental-features = nix-command flakes impure-derivations ca-derivations
'';
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}

61
hosts/ayanami-old/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,61 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/276d0801-34f7-4d40-aa24-bfc43ea4ff51";
fsType = "btrfs";
options = [ "subvol=root" ];
};
boot.initrd.luks.devices."enc" = {
allowDiscards = true;
device = "/dev/disk/by-uuid/27c2e6ae-d9ec-4bbd-9ebe-6ec2e63dd139";
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/276d0801-34f7-4d40-aa24-bfc43ea4ff51";
fsType = "btrfs";
options = [ "subvol=home" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/276d0801-34f7-4d40-aa24-bfc43ea4ff51";
fsType = "btrfs";
options = [ "subvol=nix" ];
};
fileSystems."/persist" =
{ device = "/dev/disk/by-uuid/276d0801-34f7-4d40-aa24-bfc43ea4ff51";
fsType = "btrfs";
options = [ "subvol=persist" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/276d0801-34f7-4d40-aa24-bfc43ea4ff51";
fsType = "btrfs";
options = [ "subvol=log" ];
neededForBoot = true;
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/503B-1BC9";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/28c04c57-b026-471f-a7bf-366cbc102b78"; }
];
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

331
hosts/ayanami/configuration.nix
View File

@@ -1,23 +1,21 @@
#n Edit this configuration file to define what should be installed on your system.
# Help is available in the configuration.nix(5) man page and in the NixOS manual
# (accessible by running nixos-help).
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
{
imports =
[
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
networking.hosts = {
# "10.10.111.103" = [ "snowbell.htb" "legacy.snowbell.htb" "management.snowbell.htb" ];
};
services.restic.backups."main" = {
repositoryFile = "/root/restic-main-repo";
passwordFile = "/root/restic-main-password";
pruneOpts = [
"-keep-tag keep"
"--keep-last 2"
"--keep-within 3d"
"--keep-daily 7"
@@ -36,8 +34,8 @@
"/home/*/.cargo"
"/home/*/.local/share/Steam/*"
"!/home/*/.local/share/Steam/compatdata"
"/home/*/.local/share/Steam/*"
"/home/*/mnt"
];
@@ -48,147 +46,52 @@
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
virtualisation.podman.enable = true;
virtualisation.libvirtd.enable = true;
programs.dconf.enable = true;
programs.wireshark.enable = true;
programs.wireshark.package = pkgs.wireshark;
services.mysql.enable = true;
services.mysql.package = pkgs.mariadb;
services.mysql.settings.mysqld = {
bind-address = "127.0.0.1";
port = 3306;
nixpkgs.config = {
allowUnfree = true;
rocmSupport = true;
};
services.mysql.ensureUsers = [
{
name = "daniel";
ensurePermissions = {
"lab1.*" = "ALL PRIVILEGES";
"lab2.*" = "ALL PRIVILEGES";
"lab3.*" = "ALL PRIVILEGES";
"lab4.*" = "ALL PRIVILEGES";
"lab5.*" = "ALL PRIVILEGES";
};
}
];
# services.create_ap.enable = false;
# services.create_ap.settings = {
# INTERNET_IFACE = "enp0s31f6";
# PASSPHRASE = "12345678";
# SSID = "DOTA2ERBEST";
# WIFI_IFACE = "wlp5s0";
# MAC_FILTER = 0;
# HIDDEN = 0;
# };
boot.kernelModules = [ "v4l2loopback" ];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot = {
enable = true;
netbootxyz = { enable = true; sortKey = "y_netbootxyz"; };
edk2-uefi-shell = { enable = true; sortKey = "z_edk2-uefi-shell"; };
};
networking.hostName = "ayanami"; # Define your hostname.
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
boot.kernelPackages = pkgs.linuxPackages_latest;
services.fwupd.enable = true;
# programs.adb.enable = true;
systemd.enableEmergencyMode = false;
networking.hostName = "ayanami";
networking.networkmanager.enable = true;
networking.useDHCP = false;
hardware.bluetooth.enable = true;
services.blueman.enable = true;
# Set your time zone.
time.timeZone = "Europe/Oslo";
zramSwap = {
enable = true;
memoryMax = 24 * 1024 * 1024 * 1024; # 24 GB ZRAM
};
services.resolved.enable = true;
services.resolved.dnssec = "false";
services.gnome.gnome-keyring.enable = true;
programs.steam = {
enable = true;
remotePlay.openFirewall = false;
dedicatedServer.openFirewall = false;
};
services.tailscale.enable = true;
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.enp0s31f6.useDHCP = false;
networking.interfaces.wlp5s0.useDHCP = false;
services.avahi.enable = false;
# services.atftpd = {
# enable = false;
# };
# Select internationalisation properties.
i18n.supportedLocales = [ "en_US.UTF-8/UTF-8" "nb_NO.UTF-8/UTF-8" ];
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_TIME = "nb_NO.UTF-8";
LC_PAPER = "nb_NO.UTF-8";
LC_NAME = "nb_NO.UTF-8";
LC_ADDRESS = "nb_NO.UTF-8";
LC_TELEPHONE = "nb_NO.UTF-8";
LC_MEASUREMENT = "nb_NO.UTF-8";
LC_IDENTIFICATION = "nb_NO.UTF-8";
};
console = {
font = "Lat2-Terminus16";
keyMap = "no-latin1";
};
services.xserver.displayManager.lightdm.enable = true;
services.displayManager.defaultSession = "xsession";
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.displayManager = {
session = [
{
manage = "desktop";
name = "xsession";
start = "exec $HOME/.xsession";
}
];
};
# Disable cups we will just not print anything :))
services.printing.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
hardware.opengl.driSupport32Bit = true;
hardware.opengl.extraPackages = with pkgs; [ libva ];
# Enable touchpad support (enabled default in most desktopManager).
services.libinput.enable = true;
services.xserver.xkb.layout = "no";
programs.zsh.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.daniel = {
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = [ "wheel" "networkmanager" "wireshark" "libvirtd" ];
};
environment.systemPackages = with pkgs; [
vim
git
wget
virt-manager
podman-compose
];
services.dbus.packages = with pkgs; [ pkgs.dconf ];
services.openssh.enable = true;
services.openssh.openFirewall = false;
networking.firewall.interfaces."tailscale0" = let
all = { from = 0; to = 65535; };
in {
@@ -196,14 +99,108 @@
allowedTCPPortRanges = [ all ];
};
# Select internationalisation properties.
console.keyMap = "no-latin1";
time.timeZone = "Europe/Oslo";
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
wget vim git
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.openssh.openFirewall = false;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 69 8010 9090 ];
networking.firewall.allowedUDPPorts = [ 69 8010 9090 ];
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ ];
networking.firewall.allowedUDPPorts = [ ];
nix.settings.trusted-users = [ "daniel" ];
security.rtkit.enable = false; # Enable again when mumble is fixed
services.pipewire = {
enable = true;
extraLv2Packages = [ pkgs.rnnoise-plugin.lv2 ];
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
hardware.graphics.enable = true;
hardware.graphics.enable32Bit = true;
hardware.graphics.extraPackages = with pkgs; [
libva rocmPackages.clr.icd
];
hardware.amdgpu.opencl.enable = true;
systemd.tmpfiles.rules =
let
rocmEnv = pkgs.symlinkJoin {
name = "rocm-combined";
paths = with pkgs.rocmPackages; [
rocblas
hipblas
clr
];
};
in [
"L+ /opt/rocm - - - - ${rocmEnv}"
];
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.displayManager = {
defaultSession = "xsession";
session = [
{ manage = "desktop";
name = "xsession";
start = "exec $HOME/.xsession";
}
];
};
services.xserver.xkb.layout = "no";
# services.xserver.xkbOptions = "eurosign:e";
i18n = {
defaultLocale = "nb_NO.UTF-8";
extraLocales = [ "en_US.UTF-8/UTF-8" "nn_NO.UTF-8/UTF-8" ];
extraLocaleSettings = {
LC_COLLATE = "nb_NO.UTF-8";
LC_MESSAGES = "en_US.UTF-8";
};
};
services.xserver.displayManager.lightdm.enable = true;
services.xserver.videoDrivers = ["amdgpu"];
programs.zsh.enable = true;
virtualisation.docker.enable = true;
virtualisation.libvirtd.enable = true;
virtualisation.spiceUSBRedirection.enable = true;
# networking.nameservers = lib.mkForce [ "192.168.0.25" ];
# services.ipfs.enable = true;
# services.ipfs.gatewayAddress = "/ip4/127.0.0.1/tcp/5002";
nix.distributedBuilds = true;
nix.buildMachines = [
{ hostName = "soryu";
system = "x86_64-linux";
@@ -211,12 +208,6 @@
supportedFeatures = [ "big-parallel" ];
speedFactor = 66317;
}
# { hostName = "bob.pvv.ntnu.no";
# system = "x86_64-linux";
# maxJobs = 12;
# supportedFeatures = [ "big-parallel" ];
# speedFactor = 129270;
# }
# { hostName = "bolle.pbsds.net";
# system = "x86_64-linux";
# maxJobs = 6;
@@ -228,34 +219,26 @@
# # i7-6700
# speedFactor = 8088;
# }
# { hostName = "lilith";
# system = "x86_64-linux";
# maxJobs = 6;
# #speedFactor = 13199;
# speedFactor = 6000;
# }
# {
# hostName = "isvegg.pvv.ntnu.no";
# system = "x86_64-linux";
# maxJobs = 4;
# speedFactor = 4961;
# supportedFeatures = [ "big-parallel" ];
# mandatoryFeatures = [ ];
# }
];
nix.distributedBuilds = true;
nix.trustedUsers = [ "daniel" ];
nix.extraOptions = ''
builders-use-substitutes = true
experimental-features = nix-command flakes impure-derivations ca-derivations
experimental-features = nix-command flakes
'';
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
users.users.daniel = {
isNormalUser = true;
uid = 1000;
shell = pkgs.zsh;
extraGroups = [ "wheel" "networkmanager" "docker" "video" "libvirtd" ];
initialPassword = "Abc123";
};
programs.dconf.enable = true;
services.dbus.packages = with pkgs; [ dconf ];
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "25.05"; # Did you read the comment?
}

52
hosts/ayanami/hardware-configuration.nix
View File

@@ -8,54 +8,50 @@
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci_renesas" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/276d0801-34f7-4d40-aa24-bfc43ea4ff51";
{ device = "/dev/disk/by-uuid/65fda346-b80f-410d-9577-891cdbf3e4b2";
fsType = "btrfs";
options = [ "subvol=root" ];
options = [ "subvol=root" "compress=zstd" ];
};
boot.initrd.luks.devices."enc" = {
allowDiscards = true;
device = "/dev/disk/by-uuid/27c2e6ae-d9ec-4bbd-9ebe-6ec2e63dd139";
};
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/5ec9c954-9862-4d1d-bd61-bda34caf504b";
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/276d0801-34f7-4d40-aa24-bfc43ea4ff51";
{ device = "/dev/disk/by-uuid/65fda346-b80f-410d-9577-891cdbf3e4b2";
fsType = "btrfs";
options = [ "subvol=home" ];
options = [ "subvol=home" "compress=zstd" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/276d0801-34f7-4d40-aa24-bfc43ea4ff51";
{ device = "/dev/disk/by-uuid/65fda346-b80f-410d-9577-891cdbf3e4b2";
fsType = "btrfs";
options = [ "subvol=nix" ];
};
fileSystems."/persist" =
{ device = "/dev/disk/by-uuid/276d0801-34f7-4d40-aa24-bfc43ea4ff51";
fsType = "btrfs";
options = [ "subvol=persist" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/276d0801-34f7-4d40-aa24-bfc43ea4ff51";
fsType = "btrfs";
options = [ "subvol=log" ];
neededForBoot = true;
options = [ "subvol=nix" "noatime" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/503B-1BC9";
{ device = "/dev/disk/by-uuid/ED9D-8221";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/28c04c57-b026-471f-a7bf-366cbc102b78"; }
[ { device = "/dev/disk/by-uuid/6f23c4a2-2936-4d44-b5c0-03132b720742"; }
];
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}