diff --git a/flake.lock b/flake.lock index afd77bd..d7fbb10 100644 --- a/flake.lock +++ b/flake.lock @@ -129,11 +129,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1751256218, - "narHash": "sha256-WC1YSV4lFT41AaEhpiQZRuofe+2WLI9PNuuqgdRmjVM=", + "lastModified": 1753070653, + "narHash": "sha256-vp4Svdpb90eEYkUKxjVROgcJ92u/2sVF8hnpsiKJEhI=", "owner": "rycee", "repo": "nur-expressions", - "rev": "fa40d85b15cbfb1a488ef9a119ff2d40a481c8da", + "rev": "87f5912350a5bac28eacc1b89bb1767ca1a77e7e", "type": "gitlab" }, "original": { @@ -198,11 +198,11 @@ ] }, "locked": { - "lastModified": 1749398372, - "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", "type": "github" }, "original": { @@ -314,11 +314,11 @@ ] }, "locked": { - "lastModified": 1750792728, - "narHash": "sha256-Lh3dopA8DdY+ZoaAJPrtkZOZaFEJGSYjOdAYYgOPgE4=", + "lastModified": 1753055804, + "narHash": "sha256-KerePGJYX47ex6OY3CWsid4AltO2gDtQROunYJ0eCEE=", "owner": "nix-community", "repo": "home-manager", - "rev": "366f00797b1efb70f2882d3da485e3c10fd3d557", + "rev": "adf195f021a8cbb0c317f75b52e96c82616526f9", "type": "github" }, "original": { @@ -405,11 +405,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1750837715, - "narHash": "sha256-2m1ceZjbmgrJCZ2PuQZaK4in3gcg3o6rZ7WK6dr5vAA=", + "lastModified": 1752666637, + "narHash": "sha256-P8J72psdc/rWliIvp8jUpoQ6qRDlVzgSDDlgkaXQ0Fw=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "98236410ea0fe204d0447149537a924fb71a6d4f", + "rev": "d1bfa8f6ccfb5c383e1eba609c1eb67ca24ed153", "type": "github" }, "original": { 
@@ -420,11 +420,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751211869, - "narHash": "sha256-1Cu92i1KSPbhPCKxoiVG5qnoRiKTgR5CcGSRyLpOd7Y=", + "lastModified": 1752866191, + "narHash": "sha256-NV4S2Lf2hYmZQ3Qf4t/YyyBaJNuxLPyjzvDma0zPp/M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b43c397f6c213918d6cfe6e3550abfe79b5d1c51", + "rev": "f01fe91b0108a7aff99c99f2e9abbc45db0adc2a", "type": "github" }, "original": { @@ -436,11 +436,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1751011381, - "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=", + "lastModified": 1752950548, + "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7", + "rev": "c87b95e25065c028d31a94f06a62927d18763fdf", "type": "github" }, "original": { @@ -475,11 +475,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1751271961, - "narHash": "sha256-Ka+zyYx1UeDccCv4ZlW7LAvVJdJGnSzKjZQt04fCIoQ=", + "lastModified": 1753086528, + "narHash": "sha256-5RMRU6J7fiaHzA0Bz/xStfuLLQ1AtJfIagxHqEhAb2c=", "owner": "astro", "repo": "nix-openwrt-imagebuilder", - "rev": "8e3ee0a40fb019ec95bec661c45b9d4940d27583", + "rev": "09b9e58d8b4e98193590aa02f60b41881fad840d", "type": "github" }, "original": { diff --git a/hardware/base.nix b/hardware/base.nix index 95d1c07..679f042 100644 --- a/hardware/base.nix +++ b/hardware/base.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, ... }: +_: { imports = [ 
@@ -7,19 +7,6 @@ ./zsa.nix ]; - boot.supportedFilesystems = lib.mkDefault [ "btrfs" ]; - boot.kernelPackages = lib.mkOverride 800 pkgs.linuxPackages_latest; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - boot.initrd.systemd.enable = true; - - boot.plymouth.enable = true; - - # prevents `systemd-vconsole-setup` failing during systemd initrd - console.earlySetup = true; - systemd.services.systemd-vconsole-setup.unitConfig.After = "local-fs.target"; - services.smartd.enable = true; services.smartd.notifications.x11.enable = true; } diff --git a/home/browsers/mullvad-browser.nix b/home/browsers/mullvad-browser.nix index f5614c7..887e85e 100644 --- a/home/browsers/mullvad-browser.nix +++ b/home/browsers/mullvad-browser.nix @@ -217,6 +217,7 @@ in work = { id = 1; settings = commonSettings; + search = commonSearch; extensions.packages = commonExtensions ++ (with firefox-addons; [ diff --git a/home/editors/lsp.nix b/home/editors/lsp.nix index 491a001..a002117 100644 --- a/home/editors/lsp.nix +++ b/home/editors/lsp.nix @@ -8,7 +8,7 @@ unstable.nixd nls terraform-ls - unstable.opentofu-ls + unstable.tofu-ls pyright nodePackages.bash-language-server nodePackages.vim-language-server diff --git a/home/felschr-work.nix b/home/felschr-work.nix index fe1969e..924a8e2 100644 --- a/home/felschr-work.nix +++ b/home/felschr-work.nix @@ -68,6 +68,7 @@ with pkgs; # entertainment celluloid + spotify # ai unstable.alpaca diff --git a/hosts/cmdframe/default.nix b/hosts/cmdframe/default.nix index e1750c8..4efec24 100644 --- a/hosts/cmdframe/default.nix +++ b/hosts/cmdframe/default.nix @@ -5,7 +5,7 @@ ./disk-config.nix ../../hardware/base.nix ../../hardware/bluetooth.nix - ../../system/desktop.nix + ../../system/laptop.nix ../../system/printing/home.nix ../../desktop ../../desktop/cosmic.nix 
@@ -13,6 +13,7 @@ ../../virtualisation/podman.nix ../../virtualisation/libvirt.nix ../../modules/systemdNotify.nix + ../../services/llm.nix inputs.seven-modules.nixosModules.seven ]; @@ -39,6 +40,11 @@ "--operator=felschr" ]; + services.ollama = { + acceleration = "rocm"; + rocmOverrideGfx = "11.5.0"; + }; + seven = { enable = true; wireguard = { diff --git a/hosts/home-pc/default.nix b/hosts/home-pc/default.nix index 0cbba48..19d2a7a 100644 --- a/hosts/home-pc/default.nix +++ b/hosts/home-pc/default.nix @@ -20,7 +20,7 @@ ../../services/samba/home-pc.nix ../../services/restic/home-pc.nix ../../services/pcscd.nix - ../../services/open-webui.nix + ../../services/llm.nix inputs.seven-modules.nixosModules.seven ]; @@ -61,6 +61,11 @@ "87.98.162.88" = [ "portcheck.transmissionbt.com" ]; }; + services.ollama = { + acceleration = "rocm"; + rocmOverrideGfx = "10.3.1"; + }; + seven = { enable = true; wireguard = { diff --git a/services/adguardhome.nix b/services/adguardhome.nix index 4bbf1ad..50feaed 100644 --- a/services/adguardhome.nix +++ b/services/adguardhome.nix @@ -59,12 +59,12 @@ in { name = "OISD (Big)"; url = "https://big.oisd.nl"; - enabled = false; + enabled = true; } { name = "AdGuard DNS filter"; url = "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt"; - enabled = false; + enabled = true; } ]; whitelist_filters = [ diff --git a/services/open-webui.nix b/services/llm.nix similarity index 91% rename from services/open-webui.nix rename to services/llm.nix index 67794c8..a4d7e63 100644 --- a/services/open-webui.nix +++ b/services/llm.nix @@ -19,8 +19,6 @@ services.ollama = { enable = true; package = pkgs.unstable.ollama; - acceleration = "rocm"; - rocmOverrideGfx = "10.3.1"; }; services.open-webui = { diff --git a/system/boot.nix b/system/boot.nix new file mode 100644 index 0000000..126ef4c --- /dev/null +++ b/system/boot.nix 
@@ -0,0 +1,16 @@ +{ lib, pkgs, ... }: + +{ + boot.supportedFilesystems = lib.mkDefault [ "btrfs" ]; + boot.kernelPackages = lib.mkOverride 800 pkgs.linuxPackages_latest; + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + boot.initrd.systemd.enable = true; + + boot.plymouth.enable = true; + + # prevents `systemd-vconsole-setup` failing during systemd initrd + console.earlySetup = true; + systemd.services.systemd-vconsole-setup.unitConfig.After = "local-fs.target"; +} diff --git a/system/common.nix b/system/common.nix index 2d8bded..e6609c8 100644 --- a/system/common.nix +++ b/system/common.nix @@ -2,6 +2,7 @@ { imports = [ + ./boot.nix ./zram.nix ./i18n.nix ./nix.nix diff --git a/system/hardened.nix b/system/hardened.nix index cf94bc4..5bc2b25 100644 --- a/system/hardened.nix +++ b/system/hardened.nix @@ -12,8 +12,16 @@ # @TODO hardened kernel causes Bluetooth issues boot.kernelPackages = lib.mkOverride 900 pkgs.linuxPackages; - # Xbox Controller not working via Bluetooth if enabled - security.lockKernelModules = lib.mkOverride 900 false; + security = { + # Xbox Controller not working via Bluetooth if enabled + lockKernelModules = lib.mkOverride 900 false; + + sudo.enable = false; + sudo-rs = { + enable = true; + execWheelOnly = true; + }; + }; boot.loader.systemd-boot.editor = lib.mkDefault false; diff --git a/system/laptop.nix b/system/laptop.nix new file mode 100644 index 0000000..74eeef9 --- /dev/null +++ b/system/laptop.nix @@ -0,0 +1,8 @@ +_: + +{ + imports = [ + ./desktop.nix + ./lid.nix + ]; +} diff --git a/system/lid.nix b/system/lid.nix new file mode 100644 index 0000000..ccdc5c9 --- /dev/null +++ b/system/lid.nix 
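Review bot: The switch from sudo to sudo-rs in the new `security` block of system/hardened.nix carries no comment, unlike the `lockKernelModules` line above it. Something like `# sudo-rs replaces sudo; execWheelOnly makes the setuid binary executable by wheel only` would record the intent. With `sudo.enable = false`, any rules defined under `security.sudo.*` elsewhere in the repo (not visible in this diff) presumably stop applying and would need to move to `security.sudo-rs.*`. Non-wheel users or services that call `sudo` will also stop working under `execWheelOnly = true`, which is worth confirming on each host that imports this module.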
@@ -0,0 +1,27 @@ +{ config, lib, ... }: + +{ + services.acpid = lib.mkIf config.services.fprintd.enable { + enable = true; + handlers.lidClosed = { + event = "button/lid \\w+ close"; + action = '' + echo "Lid closed. Disabling fprintd." + systemctl stop fprintd + ln -s /dev/null /run/systemd/transient/fprintd.service + systemctl daemon-reload + ''; + }; + handlers.lidOpen = { + event = "button/lid \\w+ open"; + action = '' + if ! $(systemctl is-active --quiet fprintd); then + echo "Lid open. Enabling fprintd." + rm -f /run/systemd/transient/fprintd.service + systemctl daemon-reload + systemctl start fprintd + fi + ''; + }; + }; +} diff --git a/system/networking.nix b/system/networking.nix index 7524edf..831e5a3 100644 --- a/system/networking.nix +++ b/system/networking.nix @@ -35,6 +35,24 @@ let "fd7a:115c:a1e0::a0a1:203c#dns.felschr.com" ]; }; + + mkPublicWifiProfile = ssid: { + connection = { + id = ssid; + type = "wifi"; + }; + wifi = { + mode = "infrastructure"; + inherit ssid; + }; + ipv4 = { + method = "auto"; + }; + ipv6 = { + method = "auto"; + addr-gen-mode = "stable-privacy"; + }; + }; in { networking = { @@ -46,6 +64,11 @@ in 5353 # mDNS ]; networkmanager.dns = "systemd-resolved"; + networkmanager.ensureProfiles.profiles = { + "WIFIonICE" = mkPublicWifiProfile "WIFIonICE"; + "WIFI@DB" = mkPublicWifiProfile "WIFI@DB"; + "metronom free WLAN" = mkPublicWifiProfile "metronom free WLAN"; + }; }; systemd.network = { @@ -96,4 +119,20 @@ in dig wireguard-tools ]; + + networking.networkmanager.dispatcherScripts = [ + { + #!/usr/bin/env bash + source = pkgs.writeText "connect_ice" '' + set -euxo pipefail + ACTION="$2" + if [[ "$ACTION" == "up" ]]; then + if [[ "$CONNECTION_ID" =~ "WIFIonICE|WIFI@DB" ]]; then + ${pkgs.curl}/bin/curl 'https://login.wifionice.de/cna/logon' -sSL -X POST + fi + fi + ''; + type = "basic"; + } + ]; } diff --git a/system/nix.nix b/system/nix.nix index 927b138..335dc93 100644 --- a/system/nix.nix +++ b/system/nix.nix 
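Review bot: The fprintd mask in `lidClosed` of system/lid.nix is applied only when a close event arrives, so a machine that boots with the lid already shut (docked, for example) presumably keeps fingerprint authentication available until the next lid transition. If that case matters, the lid state should also be checked once at startup. In the close handler `ln -s` fails when the link already exists, so `ln -sfn /dev/null /run/systemd/transient/fprintd.service` is safer for repeated close events. In `lidOpen`, `if ! $(systemctl is-active --quiet fprintd); then` works only because the substitution expands to nothing, whereas `if ! systemctl is-active --quiet fprintd; then` tests the exit status directly. A one-line comment saying why fprintd is disabled while the lid is closed would also help the next reader.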
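Review bot: `mkPublicWifiProfile` in system/networking.nix builds open-network profiles with no `wifi-security` section and no `autoconnect` setting. With NetworkManager's default autoconnect, any access point advertising `WIFIonICE`, `WIFI@DB` or `metronom free WLAN` would be joined automatically once the profiles are instantiated in the `ensureProfiles` hunk that follows. The profile sets `addr-gen-mode = "stable-privacy"` for IPv6 but no per-profile MAC policy, so adding `cloned-mac-address = "random";` (or `"stable"`) to the `wifi` block would limit tracking on these shared networks. If automatic joining is not wanted, `autoconnect = false;` in the `connection` block keeps the profiles available for manual use. The enclosing `let` block starts outside the hunk.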
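Review bot: The portal login in the new `dispatcherScripts` entry never fires. In `[[ "$CONNECTION_ID" =~ "WIFIonICE|WIFI@DB" ]]` bash treats the quoted right-hand side as a literal string, so the test is true only for a connection id containing the text `WIFIonICE|WIFI@DB`. An unquoted, anchored pattern fixes it: `if [[ "$CONNECTION_ID" =~ ^(WIFIonICE|WIFI@DB)$ ]]; then`. The `#!/usr/bin/env bash` line sits outside the `''` string, so it is a Nix comment and the written file has no shebang; it belongs on the first line of the script text if the script is meant to run under bash explicitly. Because this runs unattended on every `up` event, a `--max-time` on the curl call would keep an unreachable portal from stalling the dispatcher.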
@@ -18,17 +18,18 @@ in nixpkgs.config.allowUnfree = true; - nix.gc = { - automatic = true; - dates = "04:00"; - options = "--delete-older-than 30d"; - }; - - nix.settings = { - trusted-users = [ "@wheel" ]; - auto-optimise-store = true; - substituters = nixConfig.extra-substituters; - trusted-public-keys = nixConfig.extra-trusted-public-keys; + nix = { + settings = { + trusted-users = [ "@wheel" ]; + substituters = nixConfig.extra-substituters; + trusted-public-keys = nixConfig.extra-trusted-public-keys; + }; + optimise.automatic = true; + gc = { + automatic = true; + dates = "04:00"; + options = "--delete-older-than 30d"; + }; }; system.autoUpgrade = { @@ -54,4 +55,8 @@ in '' nix flake update ${inputsToUpdateStr} --flake ${config.system.autoUpgrade.flake} ''; + + environment.systemPackages = with pkgs; [ + unstable.nix-tree + ]; }
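Review bot: `trusted-users = [ "@wheel" ];` is kept in the regrouped `nix.settings` in system/nix.nix, which makes every wheel member a trusted Nix user. The Nix manual describes that as essentially equivalent to root access, since trusted users can override substituters and import unsigned store paths. On hosts that also import system/hardened.nix, this gives wheel accounts a path to root that does not pass through the sudo-rs password prompt. The flake's substituters and keys are already set system-wide on the following lines, so if nothing else depends on it (not visible from this hunk), consider dropping the line or narrowing it to `trusted-users = [ "root" ];`.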