nixos-config/systems/PC-Fixe/configuration.nix

287 lines
11 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
../common-cli.nix
../common-gui.nix
];
nix.trustedUsers = [ "root" "paul" ];
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub = {
efiSupport = true;
device = "nodev";
zfsSupport = true;
memtest86.enable = true;
fontSize = 32;
};
boot.kernelParams = [
"acpi_enforce_resources=lax"
"zfs.zfs_arc_max=2147483648"
];
boot.tmpOnTmpfs = false;
boot.supportedFilesystems = [ "zfs" ];
virtualisation.virtualbox.host.enable = true;
# virtualisation.virtualbox.host.enableExtensionPack = true;
# virtualisation.anbox.enable = true;
virtualisation.podman.enable = true;
services.zfs = {
trim = {
enable = true;
interval = "monthly";
};
autoScrub = {
enable = true;
interval = "monthly";
};
autoSnapshot = {
enable = true;
monthly = 6;
};
autoReplication = {
enable = true;
host = "nyanlout.re";
username = "zfspaulfixe";
identityFilePath = "/var/lib/zfs-replication/id_rsa";
localFilesystem = "fastaf/home";
remoteFilesystem = "loutrepool/zfs-replicate/paul-fixe";
};
};
hardware.bluetooth.enable = true;
# Logitech G920
hardware.usbWwan.enable = true;
# hardware.pulseaudio.extraConfig = ''
# load-module module-null-sink sink_name=mic_denoised_out rate=48000
# load-module module-ladspa-sink sink_name=mic_raw_in sink_master=mic_denoised_out label=noise_suppressor_mono plugin=${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so control=50
# load-module module-loopback source=alsa_input.pci-0000_09_00.4.analog-stereo sink=mic_raw_in channels=1 source_dont_move=true sink_dont_move=true
# load-module module-echo-cancel source_name=hd_mic source_master=mic_denoised_out.monitor sink_master=alsa_output.pci-0000_09_00.4.analog-stereo
# set-default-source hd_mic
# '';
# hardware.pulseaudio.configFile = pkgs.runCommand "default.pa" {} ''
# sed '/module-switch-on-port-available$/d' \
# ${pkgs.pulseaudio}/etc/pulse/default.pa > $out
# '';
services.udev.packages = with pkgs; [
usb-modeswitch-data # Logitech G920
];
services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout"
'';
security.pki.certificateFiles = [ ./codemasters.pem ];
networking.hostName = "paul-fixe";
networking.hostId = "3a1f739e";
networking.hosts = {
"10.30.0.1" = ["emby.nyanlout.re" "nyanlout.re"];
};
environment.systemPackages = with pkgs; [
usb_modeswitch
];
programs.wireshark.enable = true;
programs.wireshark.package = pkgs.wireshark;
networking.firewall.enable = false;
services.xserver.displayManager.autoLogin = {
enable = true;
user = "paul";
};
users.users.paul = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "wireshark" "input" "dialout" "libvirtd" "vboxusers" ];
uid = 1000;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDstFRwMoTEip5IBSYE4dUj3miO0LsKrnUKQJmp7d5QYo3VhXk43jU6VUU0tVAegkzWLlQ3ohoFns+8bZyf7hj7roftrDfoC9bbbx4ihhWrZTlF0gzoH4t52yetFO5eC/tV2sm/zFoa+3IWLokOEFmAoknAVag1MmVLXTQ6WPoTPD4UsX/D3lyE4dbSKxHpMOIjqIdqSEgO0BeTdnHe5afvGXXO1VYTvPsGDHT9w8EHwQV9JXIPn7KVOp3qin7OwvFFrrB3QbiEVTJvGiH2hrfxcARTN/+TxGtf+aOFeuQykURG9Wz/aBK60EWE0wGrzuIymxtNdOR1NhmnNrUZ976Tb9WdR7FC+yM6+/kdfICy+sGQmmn8TLsGvcJTT/pl4Pa9uRAKjRJuLIEgYY6W/ms9lCRyf484yRkDlq+V0BPuN9Jy6Eb7x+tmZNkpEtkqso7wfXD8sf5BIwv2K69SVMpfTswydHGmDwHZ0zaDKGlyCiyJ1QGqUhCTXqtYVq+kQ3AcjKcysMwVEmwx/ySu0XFuV8oUkl9XK/RUoc++sMEd0EbHcn8uwCmBARNX+GLQ03vxwyMW3HyneP8EAxoqtSepZXbTdVP/0i+l7EUUeA7zsaWfU2a82ktZWpVPFGfxkuo0l3zLF19EsXPKZNqlRfkOWjSgp+qWihAkQIQk3GoduQ== openpgp:0x75EE3375"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3fEmkmrhccW8NegIk/Ubu6Yw80VCQ1ttG419e+1V1wkJPXFAqcIhffwrIlz81dJ47T+H+zeptpAX8U1Gbk1B5ZH4DW8OcqU6ymM+j6g/gICpvrjJUOpdgyA3GIOjuBJGijGQGggDw1k2SdopAVV1H38YUAJ33RGDvjLJO6VREYLDYLF4oaDp8ann7Wn8BpX2T7cRvhrzqcwbEGaw1f/xrLE5KklOb6pOHRWFJMxW83d8OKiLkQvM4vFGlvvG0/AKGZaZWHDXS7ldoyAv+vnN8DrIxmWEQjdNLfAwYDBHp6XqE0slde4dqBjVHji5+ajFr7eJnrzc4IXsHJ1jM9xGB paul@loutreos"
];
};
services.netdata.enable = true;
services.openssh.enable = true;
services.openssh.passwordAuthentication = false;
services.openssh.forwardX11 = true;
# security.pki.certificates = [
# ''
# -----BEGIN CERTIFICATE-----
# MIIDoTCCAomgAwIBAgIGDorvJrq1MA0GCSqGSIb3DQEBCwUAMCgxEjAQBgNVBAMM
# CW1pdG1wcm94eTESMBAGA1UECgwJbWl0bXByb3h5MB4XDTIwMDgzMDE5MjA1NloX
# DTIzMDkwMTE5MjA1NlowKDESMBAGA1UEAwwJbWl0bXByb3h5MRIwEAYDVQQKDAlt
# aXRtcHJveHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsUHB2if9A
# L5ytR9VrZncwDdx3J6ZdA2+wZQe9EjtX5ax1r55bbQBoJmN2HqZCSA3vdvMzr42W
# Jx0ksNhNocEGvER2dTUIqkUKeeYQIRCc5CD9T5IpUVVKm3aeJo+FATmuzg4m23MZ
# a9Up4nCdUJwufSqzv0ZWvEHERWtRXPYRZ2t+vKqnCS+dOQ3NsGWvC+12i7kNMKyy
# 0ylFBY/BZfaH/kMVzUijAnNQPWpW3T/Wqpx7z+IXZ+ccCQ1U1N26FXhSMa/+DenW
# fo27QVNOu5cIIpAYmTl6+Oek0XLSH8oFLdjeVtBJuHFA1iAfmqPv4yJDKbSgg/d8
# Jb46BE2ZyW6RAgMBAAGjgdAwgc0wDwYDVR0TAQH/BAUwAwEB/zARBglghkgBhvhC
# AQEEBAMCAgQweAYDVR0lBHEwbwYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcD
# BAYIKwYBBQUHAwgGCisGAQQBgjcCARUGCisGAQQBgjcCARYGCisGAQQBgjcKAwEG
# CisGAQQBgjcKAwMGCisGAQQBgjcKAwQGCWCGSAGG+EIEATAOBgNVHQ8BAf8EBAMC
# AQYwHQYDVR0OBBYEFEiFqrQtFmTV66rlQ9SCqp7ohrtsMA0GCSqGSIb3DQEBCwUA
# A4IBAQBfH5xpxt4mCdnjiISaMeEcKuur2kfVbQEKNceDeKLZJfcwEkMtAr0LeyMV
# 1hkExtvyU0JPmgyzU7Le4UHEB8pwyyD3kYx7vBtxjVSXAbK1YKgDllPmXtlJGmA/
# SMuxnwkUXwMeZBxmu8LR1SOQiMX+aZvYbQIjigduXOC/ZSHYtJbh+RmrvHFEBu7L
# zZx8DzJKOmlfo9gohNIW1ucRM6B4B5yy5plqurGlkFPHlRqGoWkJPI4oB+cobzMh
# QidzHgk4Set3bqIuYAsqtHGxdTtnGooagQBUWt0CxmGdmonofzinsAAasKprcBl6
# QaNGz7o/LfHprXvCM1mHjbVVbZN2
# -----END CERTIFICATE-----
# ''
# ];
# services.wakeonlan.interfaces = [ { interface = "eno1"; method = "magicpacket"; } ];
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
package = pkgs.nginx.override {
modules = with pkgs.nginxModules; [ rtmp ];
};
virtualHosts."stream.nyanlout.re" = {
locations."/" = {
root = "/var/www/hls/";
extraConfig = ''
add_header Cache-Control no-cache;
add_header Access-Control-Allow-Origin *;
'';
};
default = true;
};
appendConfig = let
rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root;
in ''
rtmp {
server {
listen 1935;
application live {
live on;
interleave on;
exec_push ${pkgs.ffmpeg}/bin/ffmpeg -i rtmp://localhost/$app/$name -async 1 -vsync -1
-c:v libx264 -c:a aac -b:v 256k -b:a 96k -vf "scale=480:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_low
-c:v libx264 -c:a aac -b:v 768k -b:a 96k -vf "scale=720:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_mid
-c:v libx264 -c:a aac -b:v 1024k -b:a 128k -vf "scale=960:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_high
-c:v libx264 -c:a aac -b:v 1920k -b:a 128k -vf "scale=1280:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_hd720
-c copy -f flv rtmp://localhost/show/$name_src 2>>${rootLocation}/ffmpeg-$name.log;
}
application show {
live on;
hls on;
hls_path ${rootLocation};
hls_fragment 5;
hls_playlist_length 10;
hls_nested on;
hls_variant _low BANDWIDTH=352000; # Low bitrate, sub-SD resolution
hls_variant _mid BANDWIDTH=448000; # Medium bitrate, SD resolution
hls_variant _high BANDWIDTH=1152000; # High bitrate, higher-than-SD resolution
hls_variant _hd720 BANDWIDTH=2048000; # High bitrate, HD 720p resolution
hls_variant _src BANDWIDTH=8192000; # Source bitrate, source resolution
}
}
}
'';
};
services.xserver.deviceSection = ''
Option "metamodes" "DP-0: 3440x1440_144 +0+0 {AllowGSYNCCompatible=On}"
'';
systemd = let
DP0Config = "--output DP-0 --mode 3440x1440 --rate 144";
DP2Config = "--output DP-2 --auto --left-of DP-0";
HDMIConfig = "--output HDMI-0 --auto --left-of DP-0";
in {
services = {
wol = {
description = "Wake-on-LAN";
wantedBy = [ "multi-user.target" ];
requires = [ "network.target" ];
after = [ "network.target" ];
script = ''
${pkgs.ethtool}/sbin/ethtool -s eno1 wol g
'';
serviceConfig.Type = "oneshot";
};
nginx.serviceConfig.ReadWritePaths = "/var/www/hls";
zfs-replication.serviceConfig.StateDirectory = "zfs-replication";
};
user.services = {
"enableTV" = {
description = "Enable TV output";
script = ''
${pkgs.xorg.xrandr}/bin/xrandr ${DP0Config} --primary
/run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { AllowGSYNCCompatible=On }"
${pkgs.xorg.xrandr}/bin/xrandr ${HDMIConfig}
${pkgs.pipewire}/bin/pw-cli s 43 Profile '{ index: 1 }'
'';
conflicts = ["CSMode.service"];
serviceConfig.Type = "oneshot";
};
"primaryTV" = {
description = "Set TV output as primary";
script = ''
${pkgs.xorg.xrandr}/bin/xrandr ${DP0Config}
/run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { AllowGSYNCCompatible=On }"
${pkgs.xorg.xrandr}/bin/xrandr ${HDMIConfig} --primary
${pkgs.pipewire}/bin/pw-cli s 43 Profile '{ index: 1 }'
'';
conflicts = ["CSMode.service"];
serviceConfig.Type = "oneshot";
};
"FreeSyncMode" = {
description = "Enable FreeSync screen only";
script = ''
${pkgs.xorg.xrandr}/bin/xrandr ${DP0Config}
/run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { AllowGSYNCCompatible=On }"
${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 --off
'';
conflicts = ["CSMode.service"];
serviceConfig.Type = "oneshot";
};
"CSMode" = {
description = "Enable 4:3 black bars";
script = ''
${pkgs.xorg.xrandr}/bin/xrandr ${DP0Config} --primary
/run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { ViewPortIn=3440x1440, ViewPortOut=1920x1440+760+0, AllowGSYNCCompatible=On }"
${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 --off
'';
preStop = ''
/run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-0: 3440x1440_144 { ViewPortIn=3440x1440, ViewPortOut=3440x1440+0+0, AllowGSYNCCompatible=On }"
'';
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
};
};
};
system.stateVersion = "20.03";
}