forked from nyanloutre/nixos-config
286 lines
11 KiB
Nix
286 lines
11 KiB
Nix
# Edit this configuration file to define what should be installed on
|
||
# your system. Help is available in the configuration.nix(5) man page
|
||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||
|
||
{ config, pkgs, ... }:
|
||
|
||
{
|
||
imports =
|
||
[
|
||
./hardware-configuration.nix
|
||
../common-cli.nix
|
||
../common-gui.nix
|
||
];
|
||
|
||
nix.trustedUsers = [ "root" "paul" ];
|
||
|
||
boot.loader.efi.canTouchEfiVariables = true;
|
||
boot.loader.grub = {
|
||
efiSupport = true;
|
||
device = "nodev";
|
||
zfsSupport = true;
|
||
memtest86.enable = true;
|
||
fontSize = 32;
|
||
};
|
||
boot.kernelParams = [
|
||
"acpi_enforce_resources=lax"
|
||
"zfs.zfs_arc_max=2147483648"
|
||
];
|
||
boot.tmpOnTmpfs = false;
|
||
boot.supportedFilesystems = [ "zfs" ];
|
||
|
||
virtualisation.virtualbox.host.enable = true;
|
||
# virtualisation.virtualbox.host.enableExtensionPack = true;
|
||
# virtualisation.anbox.enable = true;
|
||
virtualisation.podman.enable = true;
|
||
|
||
services.zfs = {
|
||
trim = {
|
||
enable = true;
|
||
interval = "monthly";
|
||
};
|
||
autoScrub = {
|
||
enable = true;
|
||
interval = "monthly";
|
||
};
|
||
autoSnapshot = {
|
||
enable = true;
|
||
monthly = 6;
|
||
};
|
||
autoReplication = {
|
||
enable = true;
|
||
host = "nyanlout.re";
|
||
username = "zfspaulfixe";
|
||
identityFilePath = "/var/lib/zfs-replication/id_rsa";
|
||
localFilesystem = "fastaf/home";
|
||
remoteFilesystem = "loutrepool/zfs-replicate/paul-fixe";
|
||
};
|
||
};
|
||
|
||
hardware.bluetooth.enable = true;
|
||
|
||
# Logitech G920
|
||
hardware.usbWwan.enable = true;
|
||
|
||
# hardware.pulseaudio.extraConfig = ''
|
||
# load-module module-null-sink sink_name=mic_denoised_out rate=48000
|
||
# load-module module-ladspa-sink sink_name=mic_raw_in sink_master=mic_denoised_out label=noise_suppressor_mono plugin=${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so control=50
|
||
# load-module module-loopback source=alsa_input.pci-0000_09_00.4.analog-stereo sink=mic_raw_in channels=1 source_dont_move=true sink_dont_move=true
|
||
|
||
# load-module module-echo-cancel source_name=hd_mic source_master=mic_denoised_out.monitor sink_master=alsa_output.pci-0000_09_00.4.analog-stereo
|
||
|
||
# set-default-source hd_mic
|
||
# '';
|
||
|
||
# hardware.pulseaudio.configFile = pkgs.runCommand "default.pa" {} ''
|
||
# sed '/module-switch-on-port-available$/d' \
|
||
# ${pkgs.pulseaudio}/etc/pulse/default.pa > $out
|
||
# '';
|
||
|
||
services.udev.packages = with pkgs; [
|
||
usb-modeswitch-data # Logitech G920
|
||
];
|
||
|
||
services.udev.extraRules = ''
|
||
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout"
|
||
'';
|
||
|
||
security.pki.certificateFiles = [ ./codemasters.pem ];
|
||
|
||
networking.hostName = "paul-fixe";
|
||
networking.hostId = "3a1f739e";
|
||
|
||
networking.hosts = {
|
||
"10.30.0.1" = ["emby.nyanlout.re" "nyanlout.re"];
|
||
};
|
||
|
||
environment.systemPackages = with pkgs; [
|
||
usb-modeswitch
|
||
];
|
||
|
||
programs.wireshark.enable = true;
|
||
programs.wireshark.package = pkgs.wireshark;
|
||
|
||
networking.firewall.enable = false;
|
||
|
||
services.xserver.displayManager.autoLogin = {
|
||
enable = true;
|
||
user = "paul";
|
||
};
|
||
|
||
users.users.paul = {
|
||
isNormalUser = true;
|
||
extraGroups = [ "wheel" "networkmanager" "wireshark" "input" "dialout" "libvirtd" "vboxusers" ];
|
||
uid = 1000;
|
||
openssh.authorizedKeys.keys = [
|
||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDstFRwMoTEip5IBSYE4dUj3miO0LsKrnUKQJmp7d5QYo3VhXk43jU6VUU0tVAegkzWLlQ3ohoFns+8bZyf7hj7roftrDfoC9bbbx4ihhWrZTlF0gzoH4t52yetFO5eC/tV2sm/zFoa+3IWLokOEFmAoknAVag1MmVLXTQ6WPoTPD4UsX/D3lyE4dbSKxHpMOIjqIdqSEgO0BeTdnHe5afvGXXO1VYTvPsGDHT9w8EHwQV9JXIPn7KVOp3qin7OwvFFrrB3QbiEVTJvGiH2hrfxcARTN/+TxGtf+aOFeuQykURG9Wz/aBK60EWE0wGrzuIymxtNdOR1NhmnNrUZ976Tb9WdR7FC+yM6+/kdfICy+sGQmmn8TLsGvcJTT/pl4Pa9uRAKjRJuLIEgYY6W/ms9lCRyf484yRkDlq+V0BPuN9Jy6Eb7x+tmZNkpEtkqso7wfXD8sf5BIwv2K69SVMpfTswydHGmDwHZ0zaDKGlyCiyJ1QGqUhCTXqtYVq+kQ3AcjKcysMwVEmwx/ySu0XFuV8oUkl9XK/RUoc++sMEd0EbHcn8uwCmBARNX+GLQ03vxwyMW3HyneP8EAxoqtSepZXbTdVP/0i+l7EUUeA7zsaWfU2a82ktZWpVPFGfxkuo0l3zLF19EsXPKZNqlRfkOWjSgp+qWihAkQIQk3GoduQ== openpgp:0x75EE3375"
|
||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3fEmkmrhccW8NegIk/Ubu6Yw80VCQ1ttG419e+1V1wkJPXFAqcIhffwrIlz81dJ47T+H+zeptpAX8U1Gbk1B5ZH4DW8OcqU6ymM+j6g/gICpvrjJUOpdgyA3GIOjuBJGijGQGggDw1k2SdopAVV1H38YUAJ33RGDvjLJO6VREYLDYLF4oaDp8ann7Wn8BpX2T7cRvhrzqcwbEGaw1f/xrLE5KklOb6pOHRWFJMxW83d8OKiLkQvM4vFGlvvG0/AKGZaZWHDXS7ldoyAv+vnN8DrIxmWEQjdNLfAwYDBHp6XqE0slde4dqBjVHji5+ajFr7eJnrzc4IXsHJ1jM9xGB paul@loutreos"
|
||
];
|
||
};
|
||
|
||
services.netdata.enable = true;
|
||
|
||
services.openssh.enable = true;
|
||
services.openssh.passwordAuthentication = false;
|
||
services.openssh.forwardX11 = true;
|
||
|
||
# security.pki.certificates = [
|
||
# ''
|
||
# -----BEGIN CERTIFICATE-----
|
||
# MIIDoTCCAomgAwIBAgIGDorvJrq1MA0GCSqGSIb3DQEBCwUAMCgxEjAQBgNVBAMM
|
||
# CW1pdG1wcm94eTESMBAGA1UECgwJbWl0bXByb3h5MB4XDTIwMDgzMDE5MjA1NloX
|
||
# DTIzMDkwMTE5MjA1NlowKDESMBAGA1UEAwwJbWl0bXByb3h5MRIwEAYDVQQKDAlt
|
||
# aXRtcHJveHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsUHB2if9A
|
||
# L5ytR9VrZncwDdx3J6ZdA2+wZQe9EjtX5ax1r55bbQBoJmN2HqZCSA3vdvMzr42W
|
||
# Jx0ksNhNocEGvER2dTUIqkUKeeYQIRCc5CD9T5IpUVVKm3aeJo+FATmuzg4m23MZ
|
||
# a9Up4nCdUJwufSqzv0ZWvEHERWtRXPYRZ2t+vKqnCS+dOQ3NsGWvC+12i7kNMKyy
|
||
# 0ylFBY/BZfaH/kMVzUijAnNQPWpW3T/Wqpx7z+IXZ+ccCQ1U1N26FXhSMa/+DenW
|
||
# fo27QVNOu5cIIpAYmTl6+Oek0XLSH8oFLdjeVtBJuHFA1iAfmqPv4yJDKbSgg/d8
|
||
# Jb46BE2ZyW6RAgMBAAGjgdAwgc0wDwYDVR0TAQH/BAUwAwEB/zARBglghkgBhvhC
|
||
# AQEEBAMCAgQweAYDVR0lBHEwbwYIKwYBBQUHAwEGCCsGAQUFBwMCBggrBgEFBQcD
|
||
# BAYIKwYBBQUHAwgGCisGAQQBgjcCARUGCisGAQQBgjcCARYGCisGAQQBgjcKAwEG
|
||
# CisGAQQBgjcKAwMGCisGAQQBgjcKAwQGCWCGSAGG+EIEATAOBgNVHQ8BAf8EBAMC
|
||
# AQYwHQYDVR0OBBYEFEiFqrQtFmTV66rlQ9SCqp7ohrtsMA0GCSqGSIb3DQEBCwUA
|
||
# A4IBAQBfH5xpxt4mCdnjiISaMeEcKuur2kfVbQEKNceDeKLZJfcwEkMtAr0LeyMV
|
||
# 1hkExtvyU0JPmgyzU7Le4UHEB8pwyyD3kYx7vBtxjVSXAbK1YKgDllPmXtlJGmA/
|
||
# SMuxnwkUXwMeZBxmu8LR1SOQiMX+aZvYbQIjigduXOC/ZSHYtJbh+RmrvHFEBu7L
|
||
# zZx8DzJKOmlfo9gohNIW1ucRM6B4B5yy5plqurGlkFPHlRqGoWkJPI4oB+cobzMh
|
||
# QidzHgk4Set3bqIuYAsqtHGxdTtnGooagQBUWt0CxmGdmonofzinsAAasKprcBl6
|
||
# QaNGz7o/LfHprXvCM1mHjbVVbZN2
|
||
# -----END CERTIFICATE-----
|
||
# ''
|
||
# ];
|
||
|
||
# services.wakeonlan.interfaces = [ { interface = "eno1"; method = "magicpacket"; } ];
|
||
|
||
services.nginx = {
|
||
enable = true;
|
||
recommendedGzipSettings = true;
|
||
recommendedOptimisation = true;
|
||
package = pkgs.nginx.override {
|
||
modules = with pkgs.nginxModules; [ rtmp ];
|
||
};
|
||
virtualHosts."stream.nyanlout.re" = {
|
||
locations."/" = {
|
||
root = "/var/www/hls/";
|
||
extraConfig = ''
|
||
add_header Cache-Control no-cache;
|
||
add_header Access-Control-Allow-Origin *;
|
||
'';
|
||
};
|
||
default = true;
|
||
};
|
||
appendConfig = let
|
||
rootLocation = config.services.nginx.virtualHosts."stream.nyanlout.re".locations."/".root;
|
||
in ''
|
||
rtmp {
|
||
server {
|
||
listen 1935;
|
||
|
||
application live {
|
||
live on;
|
||
interleave on;
|
||
exec_push ${pkgs.ffmpeg}/bin/ffmpeg -i rtmp://localhost/$app/$name -async 1 -vsync -1
|
||
-c:v libx264 -c:a aac -b:v 256k -b:a 96k -vf "scale=480:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_low
|
||
-c:v libx264 -c:a aac -b:v 768k -b:a 96k -vf "scale=720:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_mid
|
||
-c:v libx264 -c:a aac -b:v 1024k -b:a 128k -vf "scale=960:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_high
|
||
-c:v libx264 -c:a aac -b:v 1920k -b:a 128k -vf "scale=1280:trunc(ow/a/2)*2" -tune zerolatency -preset veryfast -crf 23 -f flv rtmp://localhost/show/$name_hd720
|
||
-c copy -f flv rtmp://localhost/show/$name_src 2>>${rootLocation}/ffmpeg-$name.log;
|
||
}
|
||
|
||
application show {
|
||
live on;
|
||
hls on;
|
||
|
||
hls_path ${rootLocation};
|
||
hls_fragment 5;
|
||
hls_playlist_length 10;
|
||
hls_nested on;
|
||
|
||
hls_variant _low BANDWIDTH=352000; # Low bitrate, sub-SD resolution
|
||
hls_variant _mid BANDWIDTH=448000; # Medium bitrate, SD resolution
|
||
hls_variant _high BANDWIDTH=1152000; # High bitrate, higher-than-SD resolution
|
||
hls_variant _hd720 BANDWIDTH=2048000; # High bitrate, HD 720p resolution
|
||
hls_variant _src BANDWIDTH=8192000; # Source bitrate, source resolution
|
||
}
|
||
}
|
||
}
|
||
'';
|
||
};
|
||
|
||
services.xserver.deviceSection = ''
|
||
Option "metamodes" "DP-4: 3440x1440_144 +0+0 {AllowGSYNCCompatible=On}"
|
||
'';
|
||
|
||
systemd = let
|
||
DP4Config = "--output DP-4 --mode 3440x1440 --rate 144";
|
||
HDMIConfig = "--output HDMI-0 --auto --left-of DP-4";
|
||
in {
|
||
services = {
|
||
wol = {
|
||
description = "Wake-on-LAN";
|
||
wantedBy = [ "multi-user.target" ];
|
||
requires = [ "network.target" ];
|
||
after = [ "network.target" ];
|
||
script = ''
|
||
${pkgs.ethtool}/sbin/ethtool -s eno1 wol g
|
||
'';
|
||
serviceConfig.Type = "oneshot";
|
||
};
|
||
nginx.serviceConfig.ReadWritePaths = "/var/www/hls";
|
||
zfs-replication.serviceConfig.StateDirectory = "zfs-replication";
|
||
};
|
||
user.services = {
|
||
"enableTV" = {
|
||
description = "Enable TV output";
|
||
script = ''
|
||
${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config} --primary
|
||
/run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { AllowGSYNCCompatible=On }"
|
||
${pkgs.xorg.xrandr}/bin/xrandr ${HDMIConfig}
|
||
${pkgs.pipewire}/bin/pw-cli s 43 Profile '{ index: 1 }'
|
||
'';
|
||
conflicts = ["CSMode.service"];
|
||
serviceConfig.Type = "oneshot";
|
||
};
|
||
"primaryTV" = {
|
||
description = "Set TV output as primary";
|
||
script = ''
|
||
${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config}
|
||
/run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { AllowGSYNCCompatible=On }"
|
||
${pkgs.xorg.xrandr}/bin/xrandr ${HDMIConfig} --primary
|
||
${pkgs.pipewire}/bin/pw-cli s 43 Profile '{ index: 1 }'
|
||
'';
|
||
conflicts = ["CSMode.service"];
|
||
serviceConfig.Type = "oneshot";
|
||
};
|
||
"FreeSyncMode" = {
|
||
description = "Enable FreeSync screen only";
|
||
script = ''
|
||
${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config}
|
||
/run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { AllowGSYNCCompatible=On }"
|
||
${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 --off
|
||
'';
|
||
conflicts = ["CSMode.service"];
|
||
serviceConfig.Type = "oneshot";
|
||
};
|
||
"CSMode" = {
|
||
description = "Enable 4:3 black bars";
|
||
script = ''
|
||
${pkgs.xorg.xrandr}/bin/xrandr ${DP4Config} --primary
|
||
/run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { ViewPortIn=3440x1440, ViewPortOut=1920x1440+760+0, AllowGSYNCCompatible=On }"
|
||
${pkgs.xorg.xrandr}/bin/xrandr --output HDMI-0 --off
|
||
'';
|
||
preStop = ''
|
||
/run/current-system/sw/bin/nvidia-settings --assign CurrentMetaMode="DP-4: 3440x1440_144 { ViewPortIn=3440x1440, ViewPortOut=3440x1440+0+0, AllowGSYNCCompatible=On }"
|
||
'';
|
||
serviceConfig = {
|
||
Type = "oneshot";
|
||
RemainAfterExit = true;
|
||
};
|
||
};
|
||
};
|
||
};
|
||
|
||
system.stateVersion = "20.03";
|
||
}
|