nixos-config/systems/PC-Fixe/configuration.nix

288 lines
11 KiB
Nix
Raw Normal View History

2018-10-31 00:42:58 +01:00
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
2019-10-04 22:01:49 +02:00
../common-cli.nix
../common-gui.nix
2018-10-31 00:42:58 +01:00
];
2022-10-10 22:25:14 +02:00
nix.settings.trusted-users = [ "root" "paul" ];
2021-12-28 22:56:26 +01:00
2018-10-31 00:42:58 +01:00
boot.loader.efi.canTouchEfiVariables = true;
2019-10-15 21:38:23 +02:00
boot.loader.grub = {
efiSupport = true;
device = "nodev";
zfsSupport = true;
2020-04-21 02:39:01 +02:00
memtest86.enable = true;
2020-10-06 00:19:43 +02:00
fontSize = 32;
2019-10-15 21:38:23 +02:00
};
2021-10-14 13:01:23 +02:00
boot.kernelParams = [
"acpi_enforce_resources=lax"
"zfs.zfs_arc_max=2147483648"
];
boot.tmpOnTmpfs = false;
2019-10-15 21:38:23 +02:00
boot.supportedFilesystems = [ "zfs" ];
2018-10-31 00:42:58 +01:00
2020-10-06 00:20:54 +02:00
virtualisation.virtualbox.host.enable = true;
# virtualisation.virtualbox.host.enableExtensionPack = true;
2021-10-14 13:01:23 +02:00
# virtualisation.anbox.enable = true;
virtualisation.podman.enable = true;
2020-10-06 00:20:54 +02:00
2019-11-21 02:13:25 +01:00
services.zfs = {
2021-10-14 13:01:23 +02:00
trim = {
2023-06-08 21:34:28 +02:00
enable = false;
2021-10-14 13:01:23 +02:00
interval = "monthly";
};
autoScrub = {
2023-06-08 21:34:28 +02:00
enable = false;
2021-10-14 13:01:23 +02:00
interval = "monthly";
};
2019-11-21 02:13:25 +01:00
autoSnapshot = {
enable = true;
monthly = 6;
};
2021-10-14 13:01:23 +02:00
autoReplication = {
enable = true;
host = "nyanlout.re";
username = "zfspaulfixe";
identityFilePath = "/var/lib/zfs-replication/id_rsa";
localFilesystem = "fastaf/home";
remoteFilesystem = "loutrepool/zfs-replicate/paul-fixe";
};
2019-11-21 02:13:25 +01:00
};
2019-01-24 18:58:13 +01:00
hardware.bluetooth.enable = true;
2019-10-06 18:25:00 +02:00
# Logitech G920
hardware.usbWwan.enable = true;
2021-10-14 13:01:23 +02:00
# hardware.pulseaudio.extraConfig = ''
# load-module module-null-sink sink_name=mic_denoised_out rate=48000
# load-module module-ladspa-sink sink_name=mic_raw_in sink_master=mic_denoised_out label=noise_suppressor_mono plugin=${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so control=50
# load-module module-loopback source=alsa_input.pci-0000_09_00.4.analog-stereo sink=mic_raw_in channels=1 source_dont_move=true sink_dont_move=true
# load-module module-echo-cancel source_name=hd_mic source_master=mic_denoised_out.monitor sink_master=alsa_output.pci-0000_09_00.4.analog-stereo
# set-default-source hd_mic
# '';
# hardware.pulseaudio.configFile = pkgs.runCommand "default.pa" {} ''
# sed '/module-switch-on-port-available$/d' \
# ${pkgs.pulseaudio}/etc/pulse/default.pa > $out
# '';
2018-10-31 00:42:58 +01:00
services.udev.packages = with pkgs; [
2018-12-12 23:42:02 +01:00
usb-modeswitch-data # Logitech G920
2018-10-31 00:42:58 +01:00
];
services.udev.extraRules = ''
2019-10-06 18:25:00 +02:00
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout"
'';
2019-10-06 18:25:00 +02:00
security.pki.certificateFiles = [ ./codemasters.pem ];
2019-10-04 22:01:49 +02:00
networking.hostName = "paul-fixe";
2019-10-15 21:38:23 +02:00
networking.hostId = "3a1f739e";
2018-10-31 00:42:58 +01:00
2021-10-14 13:01:23 +02:00
networking.hosts = {
"10.30.0.1" = ["emby.nyanlout.re" "nyanlout.re"];
};
2018-10-31 00:42:58 +01:00
environment.systemPackages = with pkgs; [
2022-05-18 19:43:52 +02:00
usb-modeswitch
2022-11-29 21:10:45 +01:00
esphome
2018-10-31 00:42:58 +01:00
];
programs.wireshark.enable = true;
programs.wireshark.package = pkgs.wireshark;
networking.firewall.enable = false;
2020-10-06 00:20:54 +02:00
services.xserver.displayManager.autoLogin = {
2019-10-06 18:25:00 +02:00
enable = true;
user = "paul";
};
2018-10-31 00:42:58 +01:00
users.users.paul = {
isNormalUser = true;
2020-10-06 00:20:54 +02:00
extraGroups = [ "wheel" "networkmanager" "wireshark" "input" "dialout" "libvirtd" "vboxusers" ];
2018-10-31 00:42:58 +01:00
uid = 1000;
2019-10-06 18:25:00 +02:00
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDstFRwMoTEip5IBSYE4dUj3miO0LsKrnUKQJmp7d5QYo3VhXk43jU6VUU0tVAegkzWLlQ3ohoFns+8bZyf7hj7roftrDfoC9bbbx4ihhWrZTlF0gzoH4t52yetFO5eC/tV2sm/zFoa+3IWLokOEFmAoknAVag1MmVLXTQ6WPoTPD4UsX/D3lyE4dbSKxHpMOIjqIdqSEgO0BeTdnHe5afvGXXO1VYTvPsGDHT9w8EHwQV9JXIPn7KVOp3qin7OwvFFrrB3QbiEVTJvGiH2hrfxcARTN/+TxGtf+aOFeuQykURG9Wz/aBK60EWE0wGrzuIymxtNdOR1NhmnNrUZ976Tb9WdR7FC+yM6+/kdfICy+sGQmmn8TLsGvcJTT/pl4Pa9uRAKjRJuLIEgYY6W/ms9lCRyf484yRkDlq+V0BPuN9Jy6Eb7x+tmZNkpEtkqso7wfXD8sf5BIwv2K69SVMpfTswydHGmDwHZ0zaDKGlyCiyJ1QGqUhCTXqtYVq+kQ3AcjKcysMwVEmwx/ySu0XFuV8oUkl9XK/RUoc++sMEd0EbHcn8uwCmBARNX+GLQ03vxwyMW3HyneP8EAxoqtSepZXbTdVP/0i+l7EUUeA7zsaWfU2a82ktZWpVPFGfxkuo0l3zLF19EsXPKZNqlRfkOWjSgp+qWihAkQIQk3GoduQ== openpgp:0x75EE3375"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3fEmkmrhccW8NegIk/Ubu6Yw80VCQ1ttG419e+1V1wkJPXFAqcIhffwrIlz81dJ47T+H+zeptpAX8U1Gbk1B5ZH4DW8OcqU6ymM+j6g/gICpvrjJUOpdgyA3GIOjuBJGijGQGggDw1k2SdopAVV1H38YUAJ33RGDvjLJO6VREYLDYLF4oaDp8ann7Wn8BpX2T7cRvhrzqcwbEGaw1f/xrLE5KklOb6pOHRWFJMxW83d8OKiLkQvM4vFGlvvG0/AKGZaZWHDXS7ldoyAv+vnN8DrIxmWEQjdNLfAwYDBHp6XqE0slde4dqBjVHji5+ajFr7eJnrzc4IXsHJ1jM9xGB paul@loutreos"
];
2018-10-31 00:42:58 +01:00
};
2019-10-06 18:25:00 +02:00
services.openssh.enable = true;
services.openssh.passwordAuthentication = false;
2020-05-07 12:13:35 +02:00
services.openssh.forwardX11 = true;
2019-10-06 18:25:00 +02:00
2021-10-14 13:01:23 +02:00
# security.pki.certificates = [
# ''
# -----BEGIN CERTIFICATE-----
# MIIDoTCCAomgAwIBAgIGDorvJrq1MA0GCSqGSIb3DQEBCwUAMCgxEjAQBgNVBAMM
# CW1pdG1wcm94eTESMBAGA1UECgwJbWl0bXByb3h5MB4XDTIwMDgzMDE5MjA1NloX
# DTIzMDkwMTE5MjA1NlowKDESMBAGA1UEAwwJbWl0bXByb3h5MRIwEAYDVQQKDAlt
# aXRtcHJveHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsUHB2if9A
# L5ytR9VrZncwDdx3J6ZdA2+wZQe9EjtX5ax1r55bbQBoJmN2HqZCSA3vdvMzr42W
# Jx0ksNhNocEGvER2dTUIqkUKeeYQIRCc5CD9T5IpUVVKm3aeJo+FATmuzg4m23MZ
# a9Up4nCdUJwufSqzv0ZWvEHERWtRXPYRZ2t+vKqnCS+dOQ3NsGWvC+12i7kNMKyy
# 0ylFBY/BZfaH/kMVzUijAnNQPWpW3T/Wqpx7z+IXZ+ccCQ1U1N26FXhSMa/+DenW
# fo27QVNOu5cIIpAYmTl6+Oek0XLSH8oFLdjeVtBJuHFA1iAfmqPv4yJDKbSgg/d8
# Jb46BE2ZyW6RAgMBAAGjgdAwgc0wDwYDVR0TAQH/BAUwAwEB/zARBglghkgBhvhC
# AQEEBAMCAgQweAYDVR0lBHEwbwYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcD
# BAYIKwYBBQUHAwgGCisGAQQBgjcCARUGCisGAQQBgjcCARYGCisGAQQBgjcKAwEG
# CisGAQQBgjcKAwMGCisGAQQBgjcKAwQGCWCGSAGG+EIEATAOBgNVHQ8BAf8EBAMC
# AQYwHQYDVR0OBBYEFEiFqrQtFmTV66rlQ9SCqp7ohrtsMA0GCSqGSIb3DQEBCwUA
# A4IBAQBfH5xpxt4mCdnjiISaMeEcKuur2kfVbQEKNceDeKLZJfcwEkMtAr0LeyMV
# 1hkExtvyU0JPmgyzU7Le4UHEB8pwyyD3kYx7vBtxjVSXAbK1YKgDllPmXtlJGmA/
# SMuxnwkUXwMeZBxmu8LR1SOQiMX+aZvYbQIjigduXOC/ZSHYtJbh+RmrvHFEBu7L
# zZx8DzJKOmlfo9gohNIW1ucRM6B4B5yy5plqurGlkFPHlRqGoWkJPI4oB+cobzMh
# QidzHgk4Set3bqIuYAsqtHGxdTtnGooagQBUWt0CxmGdmonofzinsAAasKprcBl6
# QaNGz7o/LfHprXvCM1mHjbVVbZN2
# -----END CERTIFICATE-----
# ''
# ];
# services.wakeonlan.interfaces = [ { interface = "eno1"; method = "magicpacket"; } ];
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
package = pkgs.nginx.override {
modules = with pkgs.nginxModules; [ rtmp ];
};
virtualHosts."stream.nyanlout.re" = {
locations."/" = {
root = "/var/www/hls/";
extraConfig = ''
add_header Cache-Control no-cache;
add_header Access-Control-Allow-Origin *;
'';
};
default = true;
};
appendConfig = let
rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root;
in ''
rtmp {
server {
listen 1935;
application live {
live on;
interleave on;
exec_push ${pkgs.ffmpeg}/bin/ffmpeg -i rtmp://localhost/$app/$name -async 1 -vsync -1
-c:v libx264 -c:a aac -b:v 256k -b:a 96k -vf "scale=480:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_low
-c:v libx264 -c:a aac -b:v 768k -b:a 96k -vf "scale=720:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_mid
-c:v libx264 -c:a aac -b:v 1024k -b:a 128k -vf "scale=960:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_high
-c:v libx264 -c:a aac -b:v 1920k -b:a 128k -vf "scale=1280:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_hd720
-c copy -f flv rtmp://localhost/show/$name_src 2>>${rootLocation}/ffmpeg-$name.log;
}
application show {
live on;
hls on;
hls_path ${rootLocation};
hls_fragment 5;
hls_playlist_length 10;
hls_nested on;
hls_variant _low BANDWIDTH=352000; # Low bitrate, sub-SD resolution
hls_variant _mid BANDWIDTH=448000; # Medium bitrate, SD resolution
hls_variant _high BANDWIDTH=1152000; # High bitrate, higher-than-SD resolution
hls_variant _hd720 BANDWIDTH=2048000; # High bitrate, HD 720p resolution
hls_variant _src BANDWIDTH=8192000; # Source bitrate, source resolution
}
}
}
'';
};
services.xserver.deviceSection = ''
2022-05-18 19:44:20 +02:00
Option "metamodes" "DP-4: 3440x1440_144 +0+0 {AllowGSYNCCompatible=On}"
2021-10-14 13:01:23 +02:00
'';
2022-07-20 15:29:20 +02:00
services.printing.enable = true;
services.printing.drivers = [ pkgs.hplip ];
2021-10-14 13:01:23 +02:00
systemd = let
2022-05-18 19:44:20 +02:00
DP4Config = "--output DP-4 --mode 3440x1440 --rate 144";
HDMIConfig = "--output HDMI-0 --auto --left-of DP-4";
2021-10-14 13:01:23 +02:00
in {
services = {
wol = {
description = "Wake-on-LAN";
wantedBy = [ "multi-user.target" ];
requires = [ "network.target" ];
after = [ "network.target" ];
script = ''
${pkgs.ethtool}/sbin/ethtool -s eno1 wol g
'';
serviceConfig.Type = "oneshot";
};
nginx.serviceConfig.ReadWritePaths = "/var/www/hls";
zfs-replication.serviceConfig.StateDirectory = "zfs-replication";
};
user.services = {
"enableTV" = {
description = "Enable TV output";
script = ''
2022-05-18 19:44:20 +02:00
${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config} --primary
/run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { AllowGSYNCCompatible=On }"
2021-12-03 20:58:05 +01:00
${pkgs.xorg.xrandr}/bin/xrandr ${HDMIConfig}
${pkgs.pipewire}/bin/pw-cli s 43 Profile '{ index: 1 }'
2021-10-14 13:01:23 +02:00
'';
conflicts = ["CSMode.service"];
serviceConfig.Type = "oneshot";
};
"primaryTV" = {
description = "Set TV output as primary";
script = ''
2022-05-18 19:44:20 +02:00
${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config}
/run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { AllowGSYNCCompatible=On }"
2021-12-03 20:58:05 +01:00
${pkgs.xorg.xrandr}/bin/xrandr ${HDMIConfig} --primary
${pkgs.pipewire}/bin/pw-cli s 43 Profile '{ index: 1 }'
2021-10-14 13:01:23 +02:00
'';
conflicts = ["CSMode.service"];
serviceConfig.Type = "oneshot";
};
"FreeSyncMode" = {
description = "Enable FreeSync screen only";
script = ''
2022-05-18 19:44:20 +02:00
${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config}
/run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { AllowGSYNCCompatible=On }"
2021-10-14 13:01:23 +02:00
${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 --off
'';
conflicts = ["CSMode.service"];
serviceConfig.Type = "oneshot";
};
"CSMode" = {
description = "Enable 4:3 black bars";
script = ''
2022-05-18 19:44:20 +02:00
${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config} --primary
/run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { ViewPortIn=3440x1440, ViewPortOut=1920x1440+760+0, AllowGSYNCCompatible=On }"
2021-10-14 13:01:23 +02:00
${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 --off
'';
preStop = ''
2022-05-18 19:44:20 +02:00
/run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { ViewPortIn=3440x1440, ViewPortOut=3440x1440+0+0, AllowGSYNCCompatible=On }"
2021-10-14 13:01:23 +02:00
'';
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
};
2020-10-06 00:22:19 +02:00
};
};
2019-11-21 02:12:58 +01:00
2019-10-15 21:38:23 +02:00
system.stateVersion = "20.03";
2018-10-31 00:42:58 +01:00
}