2025.04.30-20:50

2025-04-30 20:47:57 +02:00
commit 8065685ccb
153 changed files with 6149 additions and 0 deletions


@ -0,0 +1,256 @@
{ config, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
./system
./packages
];
# Bootloader
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
#loader.systemd-boot.consoleMode = "2";
loader.systemd-boot.editor = false;
loader.systemd-boot.memtest86.enable = true;
consoleLogLevel = 3; # silence ACPI "errors" (default is 4)
plymouth.enable = true;
tmp.useTmpfs = true;
tmp.tmpfsSize = "50%"; # set to auto to dynamically grow
tmp.cleanOnBoot = true;
kernelPackages = pkgs.linuxPackages_latest;
#kernelPackages = pkgs.linuxKernel.kernels.linux_xanmod;
initrd.network.openvpn.enable = true;
};
# Enable Kernel same-page merging
hardware.ksm.enable = true;
# Enable networking
networking ={
networkmanager.enable = true;
networkmanager.plugins = with pkgs; [ networkmanager-openvpn ];
usePredictableInterfaceNames = false;
hostName = "wlin001-nixos";
};
#programs.nm-applet.enable = true;
#users.extraGroups.networkmanager.members = [ "root" "zulumann" ];
# Set your time zone
time.timeZone = "Europe/Berlin";
# Select internationalisation properties.
i18n.defaultLocale = "de_DE.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
# Configure console keymap
console.keyMap = "de";
# Define a user account. Dont forget to set a password with passwd.
users.users.zulumann = {
isNormalUser = true;
description = "Henrik Lutzmann";
extraGroups = [ "networkmanager" "wheel" "audio" "video" ];
openssh.authorizedKeys.keyFiles = [ /etc/nixos/secrets/authorized_keys ];
packages = with pkgs; [ ];
};
# Enable Firmware
hardware = {
#enableAllFirmware = true;
enableRedistributableFirmware = true;
cpu.amd.updateMicrocode = true;
#cpu.intel.updateMicrocode = true;
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.mtr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
# Enable ZramSwap
zramSwap = {
enable = true;
priority = 100;
memoryPercent = 25;
algorithm = "zstd";
};
# Automatic Upgrades
system.autoUpgrade = {
enable = false;
allowReboot = false;
channel = "https://channels.nixos.org/nixos-24.11";
};
# NixOS Settings
documentation.nixos.enable = true;
nix = {
gc.automatic = true;
gc.options = "--delete-older-than 7d";
optimise.automatic = true;
optimise.dates = [ "weekly" ];
settings.auto-optimise-store = true;
settings.cores = 4; # maximum number of concurrent tasks during one build
settings.max-jobs = 4; # maximum number of jobs that Nix will try to build in parallel
settings.sandbox = true; # perform builds in a sandboxed environment
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
system.copySystemConfiguration = true;
# Filesystems
fileSystems."/run" = {
device = "tmpfs";
fsType = "tmpfs";
options = [ "size=6G" ]; # Adjust based on your preferences and needs
};
# Fixed : better to use Dynamic
fileSystems."/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = [ "size=7G" ]; # Adjust based on your preferences and needs
};
# No access time and continuous TRIM for SSD
fileSystems."/".options = [ "noatime" "discard" ];
fileSystems."/home".options = [ "noatime" "discard" ];
fileSystems."/run/media/zulumann/HDD1.5TB" = {
device = "/dev/disk/by-uuid/58acb50a-9718-44fb-a7e6-199d7ef811d4";
fsType = "ext4";
options = [ "noatime" "nofail" "x-systemd.device-timeout=3" ];
};
fileSystems."/run/media/zulumann/HDD01" = {
device = "/dev/disk/by-uuid/31838396-c72f-4681-af5d-a2976459e28b";
fsType = "ext4";
options = [ "noatime" "nofail" "x-systemd.device-timeout=3" ];
};
fileSystems."/home/zulumann/VM-Image" = {
device = "/dev/disk/by-uuid/6a1bce14-88cb-4864-841e-2d384c8a853c";
fsType = "ext4";
options = [ "discard" "noatime" "nofail" "x-systemd.device-timeout=3" ];
};
# List services that you want to enable:
services = {
acpid.enable = true;
ananicy.enable = true;
#fwupd.enable = true;
gvfs.enable = true;
haveged.enable = true;
preload.enable = true;
udisks2.enable = true;
#tumbler.enable = true;
};
# Enable cron service
services.cron = {
enable = true;
systemCronJobs = [ "@hourly zulumann /home/zulumann/.rsync-backup.sh" ];
};
# Enable OpenSSH
services.openssh = {
enable = true;
openFirewall = true;
settings.PermitRootLogin = "no";
settings.PasswordAuthentication = false;
};
# Enable sound with pipewire
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
#media-session.enable = true;
};
# Enable Avahi
services.avahi = {
enable = true;
openFirewall = true;
nssmdns4 = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
};
# Enable tmux
programs.tmux.enable = true;
programs.bash = {
completion.enable = true;
enableLsColors = true;
shellAliases = {
set-default-boot="sudo /run/current-system/bin/switch-to-configuration boot";
full-system-clean="nix-collect-garbage -d && sudo nix-collect-garbage -d";
full-system-upgrade="sudo nixos-rebuild switch --upgrade && flatpak update -y && nix-env -u '*'";
list-system-configurations="ls -l /nix/var/nix/profiles/system-*-link";
system-rebuild="sudo nixos-rebuild switch";
system-repair="sudo nixos-rebuild switch --repair";
full-system-repair="sudo nix-store --verify --check-contents --repair";
system-upgrade-information="sudo nixos-rebuild switch --upgrade dry-build";
local-upgrade="sudo nix-channel --update nixpkgs && nix-env -u '*'";
pve01-update="ansible-playbook ~/Ansible/playbooks/apt-dist.yml -i ~/Ansible/hosts";
};
};
environment.systemPackages = with pkgs; [
bash
bash-completion
bash-preexec
bashdb
bashSnippets
nix-bash-completions
tmux
];
# Open ports in the firewall
# netstat -ntulp
networking.firewall = {
enable = false;
allowPing = true;
logRefusedConnections = true;
allowedTCPPorts = [ ];
allowedUDPPorts = [ ];
allowedTCPPortRanges = [ ];
allowedUDPPortRanges = [ ];
};
system.stateVersion = "24.11";
}
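Review bot: `networking.firewall.enable = false;` switches the packet filter off for the whole host, so the `openFirewall = true` settings on OpenSSH and Avahi and the `allowed*Ports` lists in the same block have no effect, and every listening service is reachable from any attached network. Avahi is additionally set to publish `hinfo`, `workstation` and `userServices`, which advertises host details on the local link. I would set `enable = true;` here and keep the per-service `openFirewall` switches as the only openings. If the firewall has to stay off, a comment saying why would help the next reader.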


@ -0,0 +1,43 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "uas" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/e2446999-54e5-4b73-9825-6e746e2812ef";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/AFE2-5F35";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/b2cb0283-c6ef-49a4-9601-b5770b285945";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -0,0 +1,120 @@
{ config, pkgs, ... }:
{
home.file = {
"/home/zulumann/Ansible/ansible.cfg" = {
executable = true;
text = ''
[defaults]
inventory = /home/zulumann/Ansible/hosts
# The directory containing the playbooks
playbook_dir = /home/zulumann/Ansible/playbooks
# Timeout for the connection
timeout = 30
host_key_checking=False
'';
};
};
home.file = {
"/home/zulumann/Ansible/hosts" = {
executable = true;
text = ''
# Consolidation of all groups
[hosts:children]
pve01
internet
[pve01]
jdownloader ansible_host=192.168.10.51
fileserver01 ansible_host=192.168.10.52
checkmk ansible_host=192.168.10.53
pbs01 ansible_host=192.168.10.54
docker-lan ansible_host=192.168.10.55
mail ansible_host=192.168.10.120
vserver01 ansible_host=192.168.10.180
seedbox ansible_host=192.168.20.10
aptcache ansible_host=192.168.50.10
rustdesk ansible_host=192.168.50.12
radicale ansible_host=192.168.50.13
mumble ansible_host=192.168.50.14
meet ansible_host=192.168.50.15
freshrss ansible_host=192.168.50.17
owncloud ansible_host=192.168.50.18
webserver01 ansible_host=192.168.50.19
webserver02 ansible_host=192.168.50.20
gitea ansible_host=192.168.50.21
bookshelf ansible_host=192.168.50.22
#crowdsec ansible_host=192.168.50.23
syncthing ansible_host=192.168.50.24
sftpgo ansible_host=192.168.50.25
jellyfin ansible_host=192.168.60.20
adgurd ansible_host=192.168.178.10
[internet]
strato ansible_host=85.215.43.109
[pve01:vars]
ansible_user=root
ansible_port=22
ansible_python_interpreter=/usr/bin/python3
#ansible_ssh_private_key_file = ~/.ssh/id_rsa
[internet:vars]
ansible_user=root
ansible_port=63007
ansible_python_interpreter=/usr/bin/python3
#ansible_ssh_pass=password
'';
};
};
home.file = {
"/home/zulumann/Ansible/playbooks/apt-dist.yml" = {
executable = true;
text = ''
- name: apt dist-upgrade Debian based servers
hosts:
- pve01
- strato
tasks:
- name: Update package lists
apt:
update_cache: yes
- name: Only run "update_cache=yes" if the last one is more than 3600 seconds ago
apt:
update_cache: yes
cache_valid_time: 3600
- name: Upgrade all Packages
apt:
upgrade: dist
- name: Pass options to dpkg on run
apt:
upgrade: dist
update_cache: yes
dpkg_options: 'force-confold,force-confdef'
- name: Autoremove unused packages
become: yes
command: apt -y autoremove
- name: Removes all packages from the package cache
become: yes
command: apt -y clean
'';
};
};
home.shellAliases = {
lxc-update = "ansible-playbook ~/Ansible/playbooks/apt-dist.yml -i ~/Ansible/hosts";
};
}
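Review bot: `host_key_checking=False` in the generated ansible.cfg disables SSH host key verification for every play, while the inventory connects as `ansible_user=root` to all hosts, including the `[internet]` host reached over a public address. Any machine answering on one of those addresses would be accepted without warning and handed a root session. I would drop the line (or set `host_key_checking=True`) and record the hosts' keys in `known_hosts` once. The three files are also written with `executable = true;`, which an INI file, an inventory and a playbook do not need, and Ansible may try to run an executable inventory file as a dynamic inventory script.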


@ -0,0 +1,12 @@
{ config, pkgs, ... }:
{
home.file = {
".profile" = {
text = ''
export GTK_THEME=Arc-Dark
'';
};
};
}


@ -0,0 +1,80 @@
{ config, pkgs, ... }:
{
home.file = {
".rsync-backup.sh" = {
executable = true;
text = ''
#!/bin/sh
#
################################################################################
#
# Push Home Zulumann to Fileserver01/Backup/$HOSTNAME/
#
################################################################################
# -a (Kurzversion für --archive): gleiche Bedeutung wie -rlptgoD
# -r (Kurzversion für --recursive): Unterverzeichnisse kopieren
# -l (Kurzversion für --links): symbolische Links kopierenrsync
# -p (Kurzversion für --perms): Rechte der Quelldatei beibehalten
# -t (Kurzversion für --times): Zeiten der Quelldatei beibehalten
# -g (Kurzversion für --group): Gruppenrechte der Quelldatei beibehalten
# -o (Kurzversion für --owner): Besitzrechte der Quelldatei beibehalten (nur als root User möglich)
# -D (Kurzversion für --devices --specials): Gerätedateien der Quelldatei beibehalten (nur als root User möglich)
# -v (Kurzversion für --verbose): zeigt während der Ausführung an welche Dateien synchronisiert werden
# -z
# --delete: entfernt Dateien im Zielverzeichnis die mittelerweile im Quellverzeichnis nicht mehr vorhanden sind
# rsync --dry-run
################################################################################
# rsync -rdt rsync://192.168.10.52/
#
rsync -a -v --exclude-from=/home/$USER/.rsync-exlude --delete --progress --partial /home/$USER/ rsync://192.168.10.52:873/Backup/$HOSTNAME/ -b --backup-dir=01rsync-trash/ 2>&1 | tee /home/$USER/.rsync-backup.log
'';
};
};
home.file = {
".rsync-exlude" = {
text = ''
- Downloads
- Games
- Share-Cloud
- Share-Priv
- Share-SMB
- Share-VM
- Sync
- VM-Image
- Code Cache
- cache*
- Cache*
- Cache_*
- *_cache
- *Cache
- DawnGraphiteCache
- log*
- logs
- tmp
- Trash
+ .config
- .config/syncthing
- .config/unity3d
- .config/ownCloud
+ .local
- .local/state
- .local/share/containers
- .local/share/flatpak
- .local/share/keyrings
- .local/share/nomic.ai
- .local/share/Steam
+ .jd2
+ .conkyrc
- .*
- *.LOG
- LOG
- *.old
'';
};
};
}
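Review bot: The backup command sends the home directory, with `.config` explicitly included, to `rsync://192.168.10.52:873`, which is the rsync daemon protocol and has no transport encryption; no module authentication is visible here either. Running the same transfer over SSH, or authenticating and restricting the module on the server, would keep the contents off the wire in clear text. The command also combines `--delete` with `$USER` and `$HOSTNAME`, which the hourly cron job has to supply; adding `set -eu` as the first command would make the script stop instead of syncing against an empty path component if either is unset. The exclude file is spelled `.rsync-exlude` in both places, so it works, but the spelling looks unintended.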


@ -0,0 +1,180 @@
{ config, pkgs, ... }:
{
programs.ssh = {
enable = true;
matchBlocks = {
### Network Hosts ###
htpc01 = {
hostname = "htpc01.local";
user = "kodi";
port = 22;
# identityFile = "~/.ssh/id_rsa.pub";
};
nas = {
hostname = "192.168.20.90";
user = "root";
port = 22;
};
pve01 = {
hostname = "192.168.10.50";
user = "root";
port = 22;
};
### Proxmox PVE01 LAN ###
pfsense = {
hostname = "192.168.10.1";
user = "admin";
port = 22;
};
opnsense = {
hostname = "192.168.10.1";
user = "root";
port = 22;
};
fileserver01 = {
hostname = "192.168.10.52";
user = "root";
port = 22;
};
checkmk = {
hostname = "192.168.50.53";
user = "root";
port = 22;
};
pbs01 = {
hostname = "192.168.10.54";
user = "root";
port = 22;
};
docker-lan = {
hostname = "192.168.10.55";
user = "root";
port = 22;
};
jdownloader = {
hostname = "192.168.10.57";
user = "root";
port = 22;
};
vserver01 = {
hostname = "192.168.10.180";
user = "root";
port = 22;
};
adgurd = {
hostname = "192.168.178.10";
user = "root";
port = 22;
};
### Proxmox PVE01 DMZ ###
aptcache = {
hostname = "192.168.50.10";
user = "root";
port = 22;
};
docker-dmz = {
hostname = "192.168.50.11";
user = "root";
port = 22;
};
rustdesk = {
hostname = "192.168.50.12";
user = "root";
port = 22;
};
radicale = {
hostname = "192.168.50.13";
user = "root";
port = 22;
};
mumble = {
hostname = "192.168.50.14";
user = "root";
port = 22;
};
meet = {
hostname = "192.168.50.15";
user = "root";
port = 22;
};
mail = {
hostname = "192.168.50.16";
user = "root";
port = 22;
};
freshrss = {
hostname = "192.168.50.17";
user = "root";
port = 22;
};
owncloud = {
hostname = "192.168.50.18";
user = "root";
port = 22;
};
websrv01 = {
hostname = "192.168.50.19";
user = "root";
port = 22;
};
websrv02 = {
hostname = "192.168.50.20";
user = "root";
port = 22;
};
gitea = {
hostname = "192.168.50.21";
user = "root";
port = 22;
};
### Proxmox PVE01 IOT ###
jellyfin = {
hostname = "192.168.60.20";
user = "root";
port = 22;
};
### Proxmox PVE01 VPN ###
seedbox = {
hostname = "192.168.20.10";
user = "root";
port = 22;
};
### Internet Hosts ###
strato = {
hostname = "85.215.43.109";
user = "root";
port = 63007;
};
};
};
}
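Review bot: Several addresses in these `matchBlocks` differ from the Ansible inventory added in the same commit: `checkmk` is `192.168.50.53` here and `192.168.10.53` there, `jdownloader` is `192.168.10.57` against `192.168.10.51`, and `mail` is `192.168.50.16` against `192.168.10.120`; `pfsense` and `opnsense` also share `192.168.10.1`. Because almost every block logs in as `root`, a stale entry means a root connection to whichever machine currently holds that address. Generating the SSH blocks and the inventory from one attribute set of hosts would keep them in step. The commented `identityFile` example names `id_rsa.pub`, but that option expects the private key path.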


@ -0,0 +1,16 @@
{ pkgs, config, ... }:
{
imports = [
# Enable &/ Configure Programs
./ansible.nix
./config-profile.nix
./config-rsync.nix
./config-ssh.nix
./psd.nix
# Place Home Files Like Pictures
#./files.nix
];
}


@ -0,0 +1 @@
export GTK_THEME=Arc-Dark


@ -0,0 +1,56 @@
{ config, pkgs, ... }:
{
services.psd = {
enable = true;
resyncTimer = "30min";
};
home.file = {
".config/psd/psd.conf" = {
text = ''
# $XDG_CONFIG_HOME/psd/psd.conf
#
# For documentation, refer man 1 psd or to the wiki page
# https://wiki.archlinux.org/index.php/Profile-sync-daemon
## NOTE the following:
## To protect data from corruption, in the event that you do make an edit while
## psd is active, any changes made will be applied the next time you start psd.
# Uncomment and set to "yes" to use overlayfs instead of a full copy to reduce
# the memory costs and to improve sync/unsync operations. Note that your kernel
# MUST have this module available in order to use this mode.
USE_OVERLAYFS="yes"
# Uncomment and set to "yes" to resync on suspend to reduce potential data loss.
# Note that your system MUST have gdbus from glib2 installed to use this mode.
USE_SUSPSYNC="yes"
# List any browsers in the array below to have managed by psd. Useful if you do
# not wish to have all possible browser profiles managed which is the default if
# this array is left commented.
# Possible values:
# chromium
# firefox
# firefox-trunk
# vivaldi
# vivaldi-snapshot
BROWSERS=(firefox)
# Uncomment and set to "no" to completely disable the crash recovery feature.
#
# The default is to create crash recovery backups if the system is ungracefully
# powered-down due to a kernel panic, hitting the reset switch, battery going
# dead, etc. Some users keep very diligent backups and don't care to have this
# feature enabled.
USE_BACKUPS="yes"
# Uncomment and set to an integer that is the maximum number of crash recovery
# snapshots to keep (the oldest ones are deleted first).
# The default is to save the most recent 5 crash recovery snapshots.
BACKUP_LIMIT=5
'';
};
};
}

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.1 MiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 937 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 71 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 2.1 MiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 274 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.5 MiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.5 MiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 2.4 MiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 193 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 812 KiB


@ -0,0 +1,16 @@
{ config, pkgs, ... }:
{
boot.binfmt = {
registrations.appimage = {
wrapInterpreterInShell = false;
interpreter = "${pkgs.appimage-run}/bin/appimage-run";
recognitionType = "magic";
offset = 0;
mask = "\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\xff\\xff";
magicOrExtension = "\\x7fELF....AI\\x02";
};
# run aarch64 binaries
emulatedSystems = [ "aarch64-linux" ];
};
}


@ -0,0 +1,106 @@
{ config, pkgs, ... }:
{
services = {
# Enable the X11 windowing system
xserver = {
enable = true;
xkb.layout = "de";
xkb.variant = "";
xkb.options = "eurosign:e";
exportConfiguration = true;
enableCtrlAltBackspace = true;
#wacom.enable = false;
# Enable Lightdm
displayManager = {
lightdm.enable = true;
lightdm.background = /etc/nixos/home/wallpaper/5120x2880.jpg;
lightdm.greeters.slick.theme.name = "Arc-Dark";
lightdm.greeters.slick.iconTheme.name = "Papirus-Dark";
lightdm.greeters.slick.cursorTheme.name = "Numix-Cursor";
lightdm.greeters.slick.extraConfig = "activate-numlock=true";
};
# Enable the Cinnamon Desktop Environment
desktopManager = {
xterm.enable = false;
cinnamon.enable = true;
};
};
displayManager.defaultSession = "cinnamon";
bamf.enable = true;
libinput.enable = false;
};
# Enable Programs
programs = {
dconf.enable = true;
geary.enable = false;
system-config-printer.enable = true;
};
# Enable xdg portal
xdg.portal = {
enable = true;
extraPortals = [ pkgs.xdg-desktop-portal-xapp ];
};
# Environment variables
environment.variables = {
EDITOR = "nano";
BROWSER = "firefox";
QT_QPA_PLATFORM = "xcb";
#QT_QPA_PLATFORMTHEME = lib.mkForce "qt5ct";
};
environment.sessionVariables = rec {
XDG_CACHE_HOME = "$HOME/.cache";
XDG_CONFIG_HOME = "$HOME/.config";
XDG_DATA_HOME = "$HOME/.local/share";
XDG_STATE_HOME = "$HOME/.local/state";
XDG_BIN_HOME = "$HOME/.local/bin";
PATH = [
"${XDG_BIN_HOME}"
];
};
environment.systemPackages = with pkgs; [
conky
clipit
nemo-emblems
nemo-with-extensions
nemo-fileroller
nemo-python
bulky
file-roller
gnome-system-monitor
gnome-disk-utility
tilda
system-config-printer
plank
numlockx
];
environment.cinnamon.excludePackages = with pkgs; [
#nemo
onboard
hexchat
xterm
];
networking.firewall = {
allowedTCPPorts = [
42000 # Warpinator used for transfer
42001 # Warpinator authentication port
];
allowedUDPPorts = [
42000 # Warpinator used for transfer
42001 # Warpinator authentication port
];
};
}


@ -0,0 +1,17 @@
{ config, pkgs, ... }:
{
imports = [
./appimage.nix
./cinnamon.nix
./distrobox.nix
./firefox.nix
./flatpak.nix
#./mpd.nix
./nix-ld.nix
./steam.nix
./syncthing.nix
./packages.nix
./home-manager.nix
];
}


@ -0,0 +1,13 @@
{ config, pkgs, ... }:
{
virtualisation.docker.enable = true;
users.users.zulumann.extraGroups = [ "docker" ];
environment.systemPackages = with pkgs; [
distrobox # Wrapper around podman or docker to create and start containers
boxbuddy # An unofficial GUI for managing your Distroboxes
];
}
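Review bot: `users.users.zulumann.extraGroups = [ "docker" ];` gives the desktop user access to the Docker socket, which is equivalent to root on the host because any member can start a container that mounts `/`. For distrobox a rootless setup is enough: `virtualisation.docker.rootless.enable = true;` with `virtualisation.docker.rootless.setSocketVariable = true;`, or Podman, after which the group membership can go. If the group is kept on purpose, a comment stating that trade-off would be worth adding.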


@ -0,0 +1,196 @@
{ config, pkgs, ... }:
{
programs.firefox = {
enable = true;
languagePacks = [ "de" ];
preferences = {
"extensions.pocket.enabled" = false;
"extensions.screenshots.disabled" = false;
"browser.topsites.contile.enabled" = false;
"browser.formfill.enable" = false;
"browser.search.suggest.enabled" = false;
"browser.search.suggest.enabled.private" = false;
"browser.urlbar.suggest.searches" = false;
"browser.urlbar.showSearchSuggestionsFirst" = false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
"browser.newtabpage.activity-stream.feeds.snippets" = false;
"browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
"browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false;
"browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false;
"browser.newtabpage.activity-stream.section.highlights.includeVisited" = false;
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.system.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
};
policies = {
CaptivePortal = false;
DisableFirefoxAccounts = false;
DisableAccounts = false;
DisableFirefoxScreenshots = true;
DisableTelemetry = true;
DisableFirefoxStudies = true;
DisablePocket = true;
DontCheckDefaultBrowser = true;
PasswordManagerEnabled = false;
OverrideFirstRunPage = "";
OverridePostUpdatePage = "";
DisplayBookmarksToolbar = "always"; # alternatives: "always" or "newtab"
DisplayMenuBar = "default-off"; # alternatives: "always", "never" or "default-on"
SearchBar = "separate"; # alternative: "unified"
EnableTrackingProtection = {
Value= true;
Locked = true;
Cryptomining = true;
Fingerprinting = true;
};
FirefoxHome = {
Highlights = false;
Pocket = false;
Search = true;
Snippets = false;
TopSites = false;
};
settings = {
"browser.download.panel.shown" = true;
"dom.security.https_only_mode" = true;
"general.smoothScroll" = true;
"gfx.webrender.enabled" = true;
"layout.css.backdrop-filter.enabled" = true;
"media.videocontrols.picture-in-picture.video-toggle.enabled" = false;
"signon.rememberSignons" = false;
"svg.context-properties.content.enabled" = true;
# We handle this elsewhere
"browser.shell.checkDefaultBrowser" = false;
# Don't allow websites to prevent use of right-click, or otherwise
# messing with the context menu.
"dom.event.contextmenu.enabled" = true;
# Don't allow websites to prevent copy and paste. Disable
# notifications of copy, paste, or cut functions. Stop webpage
# knowing which part of the page had been selected.
"dom.event.clipboardevents.enabled" = true;
# Do not track from battery status.
"dom.battery.enabled" = false;
# Show punycode. Help protect from character 'spoofing'.
"network.IDN_show_punycode" = true;
# Disable site reading installed plugins.
"plugins.enumerable_names" = "";
# Use Mozilla instead of Google here.
"geo.provider.network.url" =
"https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
# Safe browsing
"browser.safebrowsing.enabled" = false;
"browser.safebrowsing.phishing.enabled" = false;
"browser.safebrowsing.malware.enabled" = false;
"browser.safebrowsing.downloads.enabled" = false;
"browser.safebrowsing.provider.google4.updateURL" = "";
"browser.safebrowsing.provider.google4.reportURL" = "";
"browser.safebrowsing.provider.google4.reportPhishMistakeURL" = "";
"browser.safebrowsing.provider.google4.reportMalwareMistakeURL" = "";
"browser.safebrowsing.provider.google4.lists" = "";
"browser.safebrowsing.provider.google4.gethashURL" = "";
"browser.safebrowsing.provider.google4.dataSharingURL" = "";
"browser.safebrowsing.provider.google4.dataSharing.enabled" = false;
"browser.safebrowsing.provider.google4.advisoryURL" = "";
"browser.safebrowsing.provider.google4.advisoryName" = "";
"browser.safebrowsing.provider.google.updateURL" = "";
"browser.safebrowsing.provider.google.reportURL" = "";
"browser.safebrowsing.provider.google.reportPhishMistakeURL" = "";
"browser.safebrowsing.provider.google.reportMalwareMistakeURL" = "";
"browser.safebrowsing.provider.google.pver" = "";
"browser.safebrowsing.provider.google.lists" = "";
"browser.safebrowsing.provider.google.gethashURL" = "";
"browser.safebrowsing.provider.google.advisoryURL" = "";
"browser.safebrowsing.downloads.remote.url" = "";
# Don't call home on new tabs
"browser.selfsupport.url" = "";
"browser.aboutHomeSnippets.updateUrL" = "";
"browser.startup.homepage_override.mstone" = "ignore";
"browser.startup.homepage_override.buildID" = "";
"startup.homepage_welcome_url" = "";
"startup.homepage_welcome_url.additional" = "";
"startup.homepage_override_url" = "";
# Firefox experiments...
"experiments.activeExperiment" = false;
"experiments.enabled" = false;
"experiments.supported" = false;
"extensions.pocket.enabled" = false;
"identity.fxaccounts.enabled" = false;
# Privacy
"privacy.donottrackheader.enabled" = true;
"privacy.donottrackheader.value" = 1;
"privacy.trackingprotection.enabled" = true;
"privacy.trackingprotection.socialtracking.enabled" = true;
"privacy.firstparty.isolate" = true;
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.unified" = false;
"toolkit.telemetry.archive.enabled" = false;
"browser.toolbars.bookmarks.visibility" = "never";
# Cookies
"network.cookie.cookieBehavior" = 1;
# Perf
"gfx.webrender.all" = true;
"media.ffmpeg.vaapi.enabled" = true;
"media.ffvpx.enabled" = false;
"media.rdd-vpx.enabled" = false;
"gfx.webrender.compositor.force-enabled" = true;
"media.navigator.mediadatadecoder_vpx_enabled" = true;
"webgl.force-enabled" = true;
"layers.acceleration.force-enabled" = true;
"layers.offmainthreadcomposition.enabled" = true;
"layers.offmainthreadcomposition.async-animations" = true;
"layers.async-video.enabled" = true;
"html5.offmainthread" = true;
};
};
};
programs.firefox.policies = {
ExtensionSettings = with builtins;
let extension = shortId: uuid: {
name = uuid;
value = {
install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi";
installation_mode = "normal_installed";
};
};
in listToAttrs [
(extension "torrent-to-web" "torrent-to-web@dasprids.de")
(extension "Cookie-AutoDelete" "CookieAutoDelete@kennydo.com")
(extension "ublock-origin" "uBlock0@raymondhill.net")
(extension "bitwarden-password-manager" "{446900e4-71c2-419f-a6a7-df9c091e268b}")
(extension "no-gender" "{f0bb47a1-a5b1-4a4c-80fb-556d6a60e45c}")
(extension "get-rss-feed-url" "{15bdb1ce-fa9d-4a00-b859-66c214263ac0}")
(extension "freshrss-watcher" "{8276b2b6-a974-4254-8647-79c691694b10}")
(extension "bookmarked-speed-dial" "{83a9ecbd-0360-4fee-8822-233ed92cf930}")
(extension "i-still-don't-care-about-cookies" "idcac-pub@guus.ninja")
#(extension "joplin-web-clipper" "{8419486a-54e9-11e8-9401-ac9e17909436}")
#(extension "umatrix" "uMatrix@raymondhill.net")
#(extension "libredirect" "7esoorv3@alefvanoon.anonaddy.me")
#(extension "clearurls" "{74145f27-f039-47ce-a470-a662b129930a}")
];
# To add additional extensions, find it on addons.mozilla.org, find
# the short ID in the url (like https://addons.mozilla.org/en-US/firefox/addon/!SHORT_ID!/)
# Then, download the XPI by filling it in to the install_url template, unzip it,
# run `jq .browser_specific_settings.gecko.id manifest.json` or
# `jq .applications.gecko.id manifest.json` to get the UUID
};
}
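Review bot: The `settings = { … }` block sits inside `policies`, and `settings` is not a Firefox enterprise policy name as far as I know, so these prefs (`dom.security.https_only_mode`, `network.IDN_show_punycode`, the tracking-protection entries) are probably ignored rather than applied; `about:policies` would show whether the key is rejected. Policy-managed prefs belong under `Preferences`, or in the top-level `preferences` attribute already used above. When moving them, reconsider the `browser.safebrowsing.*` entries, because once effective they switch off phishing, malware and download checks entirely. `DisplayBookmarksToolbar = "always"` also contradicts `"browser.toolbars.bookmarks.visibility" = "never"`.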


@ -0,0 +1,14 @@
{ config, pkgs, ... }:
{
services.flatpak.enable = true;
systemd.services.flatpak-repo = {
wantedBy = [ "multi-user.target" ];
path = [ pkgs.flatpak ];
script = ''
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
'';
};
}


@ -0,0 +1,30 @@
{ config, lib, pkgs, osConfig, ... }:
let
home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-24.11.tar.gz";
in
{
imports = [
(import "${home-manager}/nixos")
];
home-manager.backupFileExtension = "backup";
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.zulumann = {
home.stateVersion = "24.11";
home.homeDirectory = "/home/zulumann";
home.packages = with pkgs; [
neofetch
];
imports = [
./../home
];
programs.home-manager.enable = true;
};
}
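Review bot: `builtins.fetchTarball` is given the moving `release-24.11` branch archive with no `sha256`, so each evaluation can pull different code, and that code is imported as a NixOS module into a system that is built and activated as root. Pin it to a commit and hash, for example `builtins.fetchTarball { url = "https://github.com/nix-community/home-manager/archive/<COMMIT>.tar.gz"; sha256 = "<HASH>"; }` (both placeholders), or move the inputs to a flake with a lock file. The `nixos-unstable` tarball fetched in the package list file later in this commit has the same problem.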


@ -0,0 +1,44 @@
{ config, pkgs, ... }:
# aplay -l
# aplay --list-pcm
# pacmd list-modules
# pacmd list-cards
{
services.mpd = {
enable = true;
user = "zulumann";
musicDirectory = "/run/media/zulumann/HDD1.5TB/Audio/Musik";
playlistDirectory = "/run/media/zulumann/HDD1.5TB/Audio/Playlists";
network.listenAddress = "any";
startWhenNeeded = true; # systemd feature: only start MPD service upon connection to its socket
extraConfig = ''
audio_output {
type "alsa"
name "My ALSA"
device "hw:0,0" # optional
format "44100:16:2" # optional
mixer_type "hardware"
mixer_device "default"
mixer_control "PCM"
}
audio_output {
type "pipewire"
name "My PipeWire Output"
}
'';
};
systemd.services.mpd.environment = {
# https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/609
XDG_RUNTIME_DIR =
"/run/user/1000"; # User-id 1000 must match above user. MPD will look inside this directory for the PipeWire socket.
};
environment.systemPackages = with pkgs; [
#gmpc # Gnome Music Player Client
cantata
];
}
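Review bot: `network.listenAddress = "any";` binds MPD to every interface and no password or credentials entry is configured in this file, so with the firewall disabled in the main configuration anyone on the network could control playback and browse the library. Unless remote clients are required, use `network.listenAddress = "127.0.0.1";`. If remote access is intended, restrict it to the needed interface and configure MPD's password permissions.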


@ -0,0 +1,63 @@
{ config, pkgs, ... }:
{
# Enable LD Fix
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
# Add any missing dynamic libraries for unpackaged
# programs here, NOT in environment.systemPackages
alsa-lib
at-spi2-atk
at-spi2-core
atk
cairo
cups
curl
dbus
expat
fontconfig
freetype
fuse3
gdk-pixbuf
glib
gtk3
icu
libGL
libappindicator-gtk3
libdrm
libglvnd
libnotify
libpulseaudio
libunwind
libusb1
libuuid
libxkbcommon
libxml2
mesa
nspr
nss
openssl
pango
pipewire
stdenv.cc.cc
systemd
vulkan-loader
xorg.libX11
xorg.libXScrnSaver
xorg.libXcomposite
xorg.libXcursor
xorg.libXdamage
xorg.libXext
xorg.libXfixes
xorg.libXi
xorg.libXrandr
xorg.libXrender
xorg.libXtst
xorg.libxcb
xorg.libxkbfile
xorg.libxshmfence
zlib
];
}


@ -0,0 +1,262 @@
{ config, pkgs, ... }:
let
unstableTarball =
fetchTarball
https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz;
in
{
imports =
[ # Include the results of the hardware scan.
/etc/nixos/hardware-configuration.nix
];
nixpkgs.config = {
packageOverrides = pkgs: {
unstable = import unstableTarball {
config = config.nixpkgs.config;
};
};
};
# Allow unfree packages
nixpkgs.config = {
allowUnfree = true;
permittedInsecurePackages = [
];
};
# Enable Fonts
fonts = {
fontDir.enable = true;
enableGhostscriptFonts = true;
packages = with pkgs; [
corefonts
terminus_font
ubuntu_font_family
liberation_ttf
dejavu_fonts
];
};
# Enable Java
programs.java = {
enable = true;
package = pkgs.jdk11;
};
environment.systemPackages = with pkgs; [
# ---------------------------------------------------------------------
# Core Pakages
# ---------------------------------------------------------------------
ansible # Radically simple IT automation
curl # A command line tool for transferring files with URL syntax
dnsutils # Domain name server
diffutils # Commands for showing the differences between files (diff, cmp, etc.)
mc # File Manager and User Shell for the GNU Project
htop # An interactive process viewer
rsync # Fast incremental file transfer utility
wget # Tool for retrieving files using HTTP, HTTPS, and FTP
nettools # A set of tools for controlling the network subsystem
ncdu # Disk usage analyzer with an ncurses interface
# nfs-utils # Linux user-space NFS utilities
pciutils # inspecting and manipulating configuration of PCI devices
pwgen # Password generator
# pwgen-secure # Secure password generation library to replace pwgen
renameutils # A set of programs to make renaming of files faster
rename # Rename files according to a Perl rewrite expression
smartmontools # Tools for monitoring the health of hard drives
imagemagick # A software suite to create, edit, compose, or convert bitmap images
lshw # Provide detailed information on the hardware configuration
lsof # A tool to list open files
unrar # Utility for RAR archives
unzip # An extraction utility for archives compressed
zip # Compressor/archiver for creating and modifying zipfiles
p7zip # A new p7zip fork with additional codecs
# ---------------------------------------------------------------------
# Accessories
# ---------------------------------------------------------------------
authenticator # Two-factor authentication code generator for GNOME
bleachbit # A program to clean your computer
# czkawka # A simple, fast and easy to use app to remove unnecessary files
bitwarden # bitwarden-desktop
# deja-dup # A simple backup tool
gnome-decoder # Scan and Generate QR Codes
gnome-obfuscate # Censor private information
gnome-maps # A map application for GNOME 3
# gpt4all # A free-to-use, locally running, privacy-aware chatbot. No GPU or internet required
# fsearch # A fast file search utility for Unix-like systems based on GTK+3
cherrytree # An hierarchical note taking application
# caffeine-ng # Status bar application to temporarily inhibit screensaver and sleep mode
doublecmd # Two-panel graphical file manager written in Pascal
freefilesync # Open Source File Synchronization & Backup Software
shutter # Screenshot and annotation tool
gparted # Graphical disk partitioning tool
ulauncher # A fast application launcher for Linux
# synapse # Semantic launcher to start applications and find relevant files
# pika-backup # Simple backups based on borg
owncloud-client # Synchronise your ownCloud
keepassxc # Offline password manager
# veracrypt # Free Open-Source filesystem on-the-fly encryption
# ---------------------------------------------------------------------
# Andriod software
# ---------------------------------------------------------------------
# android-file-transfer # Reliable MTP client with minimalistic UI provides: aft-mtp-cli android-file-transfer aft-mtp-mount
# android-tools # Android SDK platform tools
# waydroid # Waydroid is a container-based approach to boot a full Android system on a regular GNU/Linux system
# ---------------------------------------------------------------------
# Codec
# ---------------------------------------------------------------------
ffmpeg # A complete, cross-platform solution to record, convert and stream audio and video
ffmpegthumbnailer # A lightweight video thumbnailer
gst_all_1.gst-vaapi
gst_all_1.gst-libav
gst_all_1.gst-plugins-bad
gst_all_1.gst-plugins-ugly
gst_all_1.gst-plugins-good
gst_all_1.gst-plugins-base
lame # A high quality MPEG Audio Layer III (MP3) encoder
wavpack # Hybrid audio compression format
x264 # Library for encoding H264/AVC video streams
x265 # Library for encoding H.265/HEVC video streams
mpg123 # Fast console MPEG Audio Player and decoder library
#-----------------------------------------------------------------
# DVD / Bluray
#-----------------------------------------------------------------
asunder # A graphical Audio CD ripper and encoder for Linux
libbluray # Library to access Blu-Ray disks for video playback
libaacs # Library to access AACS protected Blu-Ray disks
libdvdcss # A library for decrypting DVDs
libisofs # A library to create an ISO-9660 filesystem with extensions like RockRidge or Joliet
libburn # A library by which preformatted data get onto optical media: CD, DVD, BD (Blu-Ray)
xfce.xfburn # Disc burner and project creator for Xfce
#-----------------------------------------------------------------
# Emulatoren
#-----------------------------------------------------------------
# ppsspp-qt # Playstation Portable emulator
# pcsx2 # Playstation 2 emulator
# ---------------------------------------------------------------------
# Graphics
# ---------------------------------------------------------------------
simple-scan # Simple scanning utility
gimp-with-plugins # The GNU Image Manipulation Program
pinta # Drawing/editing program modeled after Paint.NET
# shotwell # Popular photo organizer for the GNOME desktop
#-----------------------------------------------------------------
# Gaming
#-----------------------------------------------------------------
# bottles # An easy-to-use wineprefix manager
# mangohud # A Vulkan and OpenGL overlay for monitoring FPS
# goverlay # Graphical UI to help manage Linux overlays
# heroic # A Native GOG, Epic, and Amazon Games Launcher
# protonup-ng # CLI program and API to automate the installation and update Proton-GE
# protonup-qt # manage Proton-GE and Luxtorpeda for Steam and Wine-GE
xboxdrv # Xbox/Xbox360 gamepad driver
#-----------------------------------------------------------------
# Tools
#-----------------------------------------------------------------
# gpu-viewer # A front-end to glxinfo, vulkaninfo, clinfo and es2_info
# cpu-x # Software that gathers information on CPU, motherboard and more
#-----------------------------------------------------------------
# Internet
#-----------------------------------------------------------------
angryipscanner # fast and friendly network scanner
brave # Brave Browser
freetube # An Open Source YouTube app for privacy
filezilla # Graphical FTP, FTPS and SFTP client
# protonvpn-gui # Proton VPN GTK app
# signal-desktop # Private, simple, and secure messenger
tdesktop # Telegram Desktop
# deltachat-desktop # Email-based instant messaging for Desktop
tor-browser # Tor Browser
remmina # Remote desktop client written in GTK
# newsflash # Modern feed reader designed for the GNOME desktop
mumble # Low-latency, high quality voice chat software
liferea # A GTK-based news feed aggregator
uget # Download manager using GTK and libcurl
# vivaldi # Browser for our Friends, powerful and personal
# vivaldi-ffmpeg-codecs # Additional support for proprietary codecs for Vivaldi
#-----------------------------------------------------------------
# Office
#-----------------------------------------------------------------
evolution # application that provides integrated mail, calendaring and address book
# gscan2pdf # GUI to produce PDFs or DjVus from scanned documents
foliate # A simple and modern GTK eBook reader
paperwork # personal document manager for scanned documents
pdfarranger # Merge or split pdf documents and rotate, crop and rearrange their pages
# onlyoffice-bin_latest # Office suite that combines text, spreadsheet and presentation editors allowing to create
libreoffice-fresh # Comprehensive, professional-quality productivity suite, a variant of openoffice.org
obsidian # Powerful knowledge base that works on top of a local folder of plain text Markdown files
# xournalpp # Xournal++ is a handwriting Notetaking software with PDF annotation support
# ---------------------------------------------------------------------
# Programming
# ---------------------------------------------------------------------
git # Distributed version control system
# diffuse # Graphical tool for merging and comparing text files
meld # Visual diff and merge tool
vscodium # Open source source code editor developed by Microsoft
github-desktop # GUI for managing Git and GitHub
# ---------------------------------------------------------------------
# Themes
# ---------------------------------------------------------------------
arc-theme # Flat theme with transparent elements for GTK 3, GTK 2 and Gnome Shell
papirus-icon-theme # Pixel perfect icon theme for Linux
numix-cursor-theme # Numix cursor theme
#-----------------------------------------------------------------
# Multimedia
#-----------------------------------------------------------------
audacious # A lightweight and versatile audio player
audacious-plugins # Plugins for Audacious music player
easytag # View and edit tags for various audio files
mediainfo-gui # Supplies technical and tag information about a video or audio file
soundconverter # Leading audio file converter for the GNOME Desktop
strawberry # Music player and music collection organizer
# obs-studio # Free and open source software for video recording and live streaming
# guvcview # A simple interface for devices supported by the linux UVC driver
# kazam # A screencasting program created with design in mind
video-trimmer # Trim videos quickly
radiotray-ng # An internet radio player
jellyfin-media-player # Jellyfin Desktop Client based on Plex Media Player
vlc # Cross-platform media player and streaming server
# ---------------------------------------------------------------------
# NIX-Tools
# ---------------------------------------------------------------------
niv # Nix dependency management
nix-bash-completions # Bash completions for Nix, NixOS, and NixOps
nix-index # A files database for nixpkgs
nix-prefetch-git # nix-prefetch-git
# nixos-generators # Collection of image builders
# ---------------------------------------------------------------------
# Spell checker
# ---------------------------------------------------------------------
aspell # Spell checker for many languages
aspellDicts.de # Aspell dictionary for German
hunspell # Spell checker
hunspellDicts.de-de # Hunspell dictionary for German
hyphen # A text hyphenation library
# languagetool # A proofreading program for English, German ...
# ---------------------------------------------------------------------
# Openvpn
# ---------------------------------------------------------------------
#openvpn # A robust and highly flexible tunneling application
#networkmanager-openvpn
#gnome.networkmanager-openvpn
];
}
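Review bot: The `fetchTarball` in the `let` at the top of this file pulls the moving `nixos-unstable` branch with no hash, so anything later taken from `pkgs.unstable` is evaluated from whatever that URL serves at rebuild time, and nothing verifies the content. Pin it to one revision with a hash, e.g. `fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/<COMMIT-PLACEHOLDER>.tar.gz"; sha256 = "<SHA256-PLACEHOLDER>"; }`, and bump both values deliberately. Separately, `nixpkgs.config` is assigned twice in the same attribute set; folding `packageOverrides`, `allowUnfree` and `permittedInsecurePackages` into one block avoids depending on how the evaluator treats the duplicate definition.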


@ -0,0 +1,19 @@
{ config, pkgs, ... }:
{
# Enable Steam and Gamemode
nixpkgs.config = {
allowUnfreePackages = [ "steam" "steam-original" "steam-runtime" "steam-run" ];
};
programs.gamemode.enable = true;
hardware.steam-hardware.enable = true;
programs.steam = {
enable = true;
gamescopeSession.enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
};
}
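Review bot: `remotePlay.openFirewall` and `dedicatedServer.openFirewall` both open inbound ports on this desktop, and nothing in this file shows a dedicated game server being hosted; I would leave `dedicatedServer.openFirewall` at its default and enable the Remote Play rule only if the feature is actually used. Also, `allowUnfreePackages` does not look like a setting nixpkgs reads. The documented form is `allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [ "steam" "steam-run" ];`, so this list probably has no effect. Another module in this commit sets `allowUnfree = true` globally, which would hide that.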


@ -0,0 +1,36 @@
{ config, pkgs, ... }:
{
# Enable Syncthing
services.syncthing = {
enable = true;
openDefaultPorts = true;
guiAddress = "127.0.0.1:8384";
user = "zulumann";
group = "users";
configDir = "/home/zulumann/.config/syncthing";
dataDir = "/home/zulumann";
overrideDevices = false;
overrideFolders = false;
settings.devices = {
"Syncthing-Server" = { id = "2YNMVUC-HCUVYV4-C7ZJJ72-HQJSFBF-TOO6VPG-QYYIBZA-X3JC4MA-5WKEGA4"; };
};
settings.versioning = {
type = "staggered";
params = {
cleanInterval = "3600"; # 1 hour in seconds
maxAge = "15552000"; # 180 days in seconds
};
};
};
services.syncthing.settings.gui = {
user = "zulumann";
password = "he_lu@1970";
};
environment.systemPackages = with pkgs; [
#qsyncthingtray
];
}
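Review bot: The GUI password under `services.syncthing.settings.gui` is a plaintext literal, so it is now part of the repository history and will most likely also end up in the world-readable Nix store on every rebuild. Treat that password as exposed: change it, remove the literal from the configuration, and set the GUI credential out of band or through a secrets mechanism that supplies it at runtime from a root-only file. A comment such as `# GUI credentials are set outside this repo; never commit them here` would help the next editor. `openDefaultPorts = true` additionally opens the sync and discovery ports on every interface, which is worth confirming as intended.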


@ -0,0 +1,7 @@
#!/usr/bin/env bash
#
mkdir ~/.themes
cp -R /run/current-system/sw/share/themes/Arc-Dark ~/.themes/
cp -R /run/current-system/sw/share/icons/Papirus-Dark ~/.icons
sudo flatpak override --filesystem=$HOME/.themes
sudo flatpak override --env=GTK_THEME=Arc-Dark
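Review bot: Both `flatpak override` calls run under `sudo`, which writes a system-wide override that gives every Flatpak app of every user access to this user's `~/.themes`. `flatpak override --user --filesystem="$HOME/.themes:ro"` (and `--user` on the `--env` call as well) limits the change to the current user, needs no root, and grants read-only access. `mkdir ~/.themes` fails when the directory already exists, so `mkdir -p ~/.themes ~/.icons` makes the script re-runnable. It also makes the `cp -R … ~/.icons` line place Papirus-Dark inside `~/.icons` rather than creating `~/.icons` as a copy of it.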


@ -0,0 +1 @@
ssh-rsa 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 zulumann@wlin001-lmde4


@ -0,0 +1,3 @@
username=zulumann
domain=WORKGROUP
password=
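Review bot: This appears to be the CIFS credentials file that the mount modules reference through `credentials=`, and it is tracked in git with an empty `password=`. Once a real password is filled in on the machine, any later `git add` of this path publishes it. Keeping only an example copy in the repository and ignoring the real file avoids that. The deployed file should be owned by root with mode 0600.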


@ -0,0 +1,14 @@
{ config, pkgs, ... }:
{
imports = [
./tweaks
./gpu-amd.nix
./kvm.nix
./printer.nix
./samba.nix
./smb-mount-fsrv.nix
./smb-mount-nas.nix
#./wacom.nix
];
}


@ -0,0 +1,39 @@
{ config, pkgs, ... }:
{
boot.initrd.kernelModules = [ "amdgpu" ];
# Enable amdgpu
services.xserver = {
videoDrivers = [ "amdgpu" ];
deviceSection = ''Option "TearFree" "true"'';
};
hardware.graphics = {
enable = true;
enable32Bit = true;
};
# Enable AMDVLK and OpenCL
hardware.graphics.extraPackages = with pkgs; [
amdvlk
rocmPackages.clr.icd
];
hardware.graphics.extraPackages32 = with pkgs; [
driversi686Linux.amdvlk
];
environment.systemPackages = with pkgs; [
#lact # Linux AMDGPU Controller
libdrm
vulkan-loader
vulkan-tools
vkbasalt
radeontop
xorg.xf86videoamdgpu
];
#systemd.packages = with pkgs; [ lact ];
#systemd.services.lactd.wantedBy = ["multi-user.target"];
}


@ -0,0 +1,59 @@
{ config, pkgs, ... }:
{
boot.kernelParams = [ "amd_iommu=on" "pcie_aspm=off" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModprobeConfig = "options kvm_amd nested=1";
# Enable dconf (System Management Tool)
# programs.dconf.enable = true;
# Add user to libvirtd group
users.users.zulumann.extraGroups = [ "libvirtd" "kvm" ];
# Install necessary packages
environment.systemPackages = with pkgs; [
libvirt
qemu
qemu_kvm
OVMFFull
virt-manager
virt-viewer
spice spice-gtk
spice-protocol
adwaita-icon-theme
python3
iproute2
bridge-utils
];
# Manage the virtualisation services
virtualisation = {
libvirtd = {
enable = true;
qemu = {
swtpm.enable = true;
ovmf.enable = true;
ovmf.packages = [ pkgs.OVMFFull.fd ];
};
};
spiceUSBRedirection.enable = true;
};
# Enable VirtioFS
virtualisation.libvirtd.qemu.vhostUserPackages = [ pkgs.virtiofsd ];
environment.sessionVariables.LIBVIRT_DEFAULT_URI = [ "qemu:///system" ];
services.spice-vdagentd.enable = true;
# Enable Bridge-Network
networking.firewall.checkReversePath = false;
networking.interfaces.eth0.useDHCP = true;
networking.interfaces.br-lan.useDHCP = true;
networking.bridges = {
"br-lan" = {
interfaces = [ "eth0" ];
};
};
}
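Review bot: `networking.firewall.checkReversePath = false` turns off reverse-path filtering for every interface, which drops the firewall's spoofed-source check host-wide just to make the bridge work. The option also accepts `"loose"`, which is usually enough for bridged guests: `networking.firewall.checkReversePath = "loose";`. It is also worth a comment next to `users.users.zulumann.extraGroups` saying that `libvirtd` membership together with `qemu:///system` is effectively root-equivalent on this host.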


@ -0,0 +1,40 @@
{ config, pkgs, ... }:
{
# Enable CUPS
services.printing = {
enable = true;
#openFirewall = true;
drivers = [
pkgs.brlaser
pkgs.hplipWithPlugin
];
};
services.printing.cups-pdf = {
enable = true;
instances = {
pdf = {
settings = {
Out = "\${HOME}/Cups-pdf";
UserUMask = "0033";
};
};
};
};
# Enable Sane
hardware.sane = {
enable = true;
extraBackends = [ pkgs.hplipWithPlugin ];
};
users.users.zulumann.extraGroups = ["scanner" "lp"];
networking.firewall = {
allowedTCPPorts = [ 80 427 443 515 631 8080 9100 6566 ];
allowedUDPPorts = [ 427 3702 5353 ];
};
}
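Review bot: The `networking.firewall` block opens TCP 80, 427, 443, 515, 631, 8080, 9100 and 6566 plus UDP 427, 3702 and 5353 inbound on all interfaces, while `openFirewall` for CUPS is commented out and no printer sharing is configured in this file. Printing to and scanning from network devices are outbound connections, so most of these inbound rules look unnecessary. I would drop the block, or, if discovery replies turn out to be blocked, scope what remains to the LAN interface with `networking.firewall.interfaces.<IFACE-PLACEHOLDER>.allowedUDPPorts = [ 5353 ];`. A short comment per remaining port naming the service that needs it would make later pruning possible.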


@ -0,0 +1,116 @@
{ config, pkgs, ... }:
{
services.samba = {
enable = true;
# securityType = "user";
openFirewall = true;
settings = {
global = {
"workgroup" = "WORKGROUP";
"server role" = "standalone server";
"server string" = "wlin001-nixos";
"netbios name" = "wlin001-nixos";
"global.security" = "user";
"min protocol" = "smb3_11";
"max protocol" = "smb3_11";
"wide links" = "no";
"follow symlinks" = "no";
#### Networking ####
"bind interfaces only" = "yes";
"interfaces" = "lo br-lan eth0";
# note: localhost is the ipv6 localhost ::1
"hosts allow" = "192.168.10.0/24 127.0.0.1 localhost";
"hosts deny" = "0.0.0.0/0";
### Browsing election options ###
"wins support" = "no";
"name resolve order" = "host bcast lmhosts";
"multicast dns register" = "yes";
"dns proxy" = "yes";
####### Authentication #######
"guest account" = "zulumann";
"map to guest" = "bad user";
### Tuning ###
"socket options" = "TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_RCVBUF=131072 SO_SNDBUF=131072";
"use sendfile" = "yes";
"getwd cache" = "yes";
"stat cache" = "yes";
"min receivefile size" = "16384";
"write raw" = "yes";
"read raw" = "yes";
"max xmit" = "32768";
"deadtime" = "15";
"keepalive" = "150";
"sync always" = "no";
"large readwrite" = "yes";
"strict sync" = "no";
"strict allocate" = "yes";
"strict locking" = "auto";
"server multi channel support" = "yes";
"aio write size" = "1";
"aio read size" = "1";
"idmap cache time" = "604";
#### Debugging ####
"log level" = "1";
"log file" = "/var/log/samba/log.%m";
"max log size" = "1000";
"logging" = "file";
"panic action" = "/usr/share/samba/panic-action %d";
};
"Share" = {
"path" = "/home/zulumann/Share-SMB";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "yes";
"public" = "yes";
"writable" = "yes";
"create mask" = "0644";
"directory mask" = "0755";
};
"Private" = {
"path" = "/home/zulumann/Share-Priv";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
#"force user" = "zulumann";
#"force group" = "zulumann";
};
};
};
services.samba-wsdd = {
enable = true;
openFirewall = true;
};
services.avahi.extraServiceFiles = {
smb = ''
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h - SMB/CIFS</name>
<service>
<type>_smb._tcp</type>
<port>445</port>
</service>
</service-group>
'';
};
}
# User Authentication
# For a user called my_userto be authenticated on the samba server, you must add their password using
# sudo smbpasswd -a my_user
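Review bot: In the `global` block, `"guest account" = "zulumann"` combined with `"map to guest" = "bad user"` and the writable `Share` section (`"guest ok" = "yes"`) means any client in the allowed range that presents an unknown user name writes into `/home/zulumann/Share-SMB` as the real login user. Map guests to an unprivileged account instead, `"guest account" = "nobody";`, and make the guest share read-only or owned by that account. The key `"global.security"` is probably meant to be `"security" = "user";` inside this block, since as written it is emitted as an unknown parameter. `"panic action"` points at `/usr/share/samba/panic-action`, a path that normally does not exist on NixOS.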


@ -0,0 +1,78 @@
{ config, pkgs, ... }:
{
environment.systemPackages = [ pkgs.cifs-utils ];
fileSystems."/mnt/fileserver01/Appz" = {
device = "//192.168.10.52/appz/";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"];
};
fileSystems."/mnt/fileserver01/Backup" = {
device = "//192.168.10.52/backup/";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"];
};
fileSystems."/mnt/fileserver01/Dateien" = {
device = "//192.168.10.52/dateien/";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"];
};
fileSystems."/mnt/fileserver01/Downloads" = {
device = "//192.168.10.52/downloads/";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"];
};
fileSystems."/mnt/fileserver01/ISOs" = {
device = "//192.168.10.52/isos/";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"];
};
fileSystems."/mnt/fileserver01/Multimedia" = {
device = "//192.168.10.52/multimedia/";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"];
};
fileSystems."/mnt/fileserver01/Public" = {
device = "//192.168.10.52/public/";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"];
};
fileSystems."/mnt/fileserver01/Share" = {
device = "//192.168.10.52/share/";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"];
};
}
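Review bot: Every `fileSystems` entry here repeats the same option string in its own `let`, so a hardening option added to one share is easily missed on the others; the NAS mount file that follows repeats the pattern for fourteen more shares. Defining the options once and generating the entries keeps them uniform, and gives a single place to add `seal` and `vers=3.1.1` so credentials and data are encrypted on the wire, provided both servers support SMB 3.1.1 (to be confirmed). The hard-coded `uid=1000` assumes the login user's id, which no visible module sets explicitly. The credentials file referenced here must be root-owned with mode 0600.

```nix
{ config, pkgs, ... }:
let
  # One option list for all shares; automount avoids hanging on a network split.
  cifsOptions = [
    "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users"
    "credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"
  ];
  # Build one CIFS mount definition for a share name on the file server.
  mkShare = share: {
    device = "//192.168.10.52/${share}/";
    fsType = "cifs";
    options = cifsOptions;
  };
in
{
  environment.systemPackages = [ pkgs.cifs-utils ];
  fileSystems."/mnt/fileserver01/Appz" = mkShare "appz";
  # … unchanged: the remaining seven shares, each written as mkShare "<share>" …
}
```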


@ -0,0 +1,132 @@
{ config, pkgs, ... }:
{
environment.systemPackages = [ pkgs.cifs-utils ];
fileSystems."/mnt/nas/Audio" = {
device = "//192.168.10.90/audio/";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"];
};
fileSystems."/mnt/nas/Appz" = {
device = "//192.168.10.90/appz/";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"];
};
fileSystems."/mnt/nas/Backup" = {
device = "//192.168.10.90/backup/";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"];
};
fileSystems."/mnt/nas/Files" = {
device = "//192.168.10.90/files/";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"];
};
fileSystems."/mnt/nas/Downloads" = {
device = "//192.168.10.90/downloads/";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"];
};
fileSystems."/mnt/nas/Emulator" = {
device = "//192.168.10.90/emulator/";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"];
};
fileSystems."/mnt/nas/Games" = {
device = "//192.168.10.90/games/";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"];
};
fileSystems."/mnt/nas/ISO" = {
device = "//192.168.10.90/iso/";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"];
};
fileSystems."/mnt/nas/Multimedia" = {
device = "//192.168.10.90/multimedia/";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"];
};
fileSystems."/mnt/nas/Public" = {
device = "//192.168.10.90/public/";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"];
};
fileSystems."/mnt/nas/Share" = {
device = "//192.168.10.90/share/";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"];
};
fileSystems."/mnt/nas/Work" = {
device = "//192.168.10.90/work/";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"];
};
fileSystems."/mnt/nas/XXX" = {
device = "//192.168.10.90/xxx/";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"];
};
fileSystems."/mnt/nas/homes" = {
device = "//192.168.10.90/homes/";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,users";
in ["${automount_opts},credentials=/etc/nixos/secrets/samba-secrets,uid=1000,gid=100"];
};
}


@ -0,0 +1,40 @@
{ config, ... }:
# Control how and when data is written from memory to disk, which can have an impact on system performance and responsiveness.
# useful for optimizing memory usage, disk writeback behavior, network settings, and other low-level kernel behaviors.
{
boot.kernelModules = ["tcp_bbr"];
boot.kernel.sysctl = {
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_fastopen" = "3";
#---------------------------------------------------------------------
# Network and memory-related optimizationss for desktop 16GB
#---------------------------------------------------------------------
"kernel.sysrq" = 1; # Enable SysRQ for rebooting the machine properly if it freezes. [Source](https://oglo.dev/tutorials/sysrq/index.html)
"net.core.netdev_max_backlog" = 30000; # Help prevent packet loss during high traffic periods.
"net.core.rmem_default" = 262144; # Default socket receive buffer size, improve network performance & applications that use sockets. Adjusted for 16GB RAM.
"net.core.rmem_max" = 33554432; # Maximum socket receive buffer size, determine the amount of data that can be buffered in memory for network operations. Adjusted for 16GB RAM.
"net.core.wmem_default" = 262144; # Default socket send buffer size, improve network performance & applications that use sockets. Adjusted for 16GB RAM.
"net.core.wmem_max" = 33554432; # Maximum socket send buffer size, determine the amount of data that can be buffered in memory for network operations. Adjusted for 16GB RAM.
"net.ipv4.ipfrag_high_threshold" = 5242880; # Reduce the chances of fragmentation. Adjusted for SSD.
"net.ipv4.tcp_keepalive_intvl" = 30; # TCP keepalive interval between probes to detect if a connection is still alive.
"net.ipv4.tcp_keepalive_probes" = 5; # TCP keepalive probes to detect if a connection is still alive.
"net.ipv4.tcp_keepalive_time" = 300; # TCP keepalive interval in seconds to detect if a connection is still alive.
"vm.dirty_background_bytes" = 134217728; # 128 MB
"vm.dirty_bytes" = 402653184; # 384 MB
"vm.min_free_kbytes" = 65536; # Minimum free memory for safety (in KB), helping prevent memory exhaustion situations. Adjusted for 16GB RAM.
"vm.swappiness" = 10; # Adjust how aggressively the kernel swaps data from RAM to disk. Lower values prioritize keeping data in RAM. Adjusted for 16GB RAM.
"vm.vfs_cache_pressure" = 90; # Adjust vfs_cache_pressure (0-1000) to manage memory used for caching filesystem objects. Adjusted for 16GB RAM.
# Nobara Tweaks
"fs.aio-max-nr" = 1000000; # defines the maximum number of asynchronous I/O requests that can be in progress at a given time. 1048576
"fs.inotify.max_user_watches" = 65536; # sets the maximum number of file system watches, enhancing file system monitoring capabilities. Default: 8192 TWEAKED: 524288
"kernel.panic" = 5; # Reboot after 5 seconds on kernel panic Default: 0
"kernel.pid_max" = 131072; # allows a large number of processes and threads to be managed Default: 32768 TWEAKED: 4194304
};
}
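Review bot: `"kernel.sysrq" = 1` enables every SysRq function, including ones that dump memory and registers or kill processes from the local keyboard, although the comment only asks for a clean reboot of a frozen machine. A bitmask limited to sync, remount read-only and reboot covers that use: `"kernel.sysrq" = 176;`. The same line appears in the 32GB and 4GB variants that follow. Also, as far as I know `net.ipv4.ipfrag_high_threshold` is not a kernel sysctl name (the kernel exposes `net.ipv4.ipfrag_high_thresh`), so that line likely has no effect. Its "Adjusted for SSD" remark does not fit a setting for IP fragment reassembly memory and should be dropped.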


@ -0,0 +1,40 @@
{ config, ... }:
# Control how and when data is written from memory to disk, which can have an impact on system performance and responsiveness.
# useful for optimizing memory usage, disk writeback behavior, network settings, and other low-level kernel behaviors.
{
boot.kernelModules = ["tcp_bbr"];
boot.kernel.sysctl = {
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_fastopen" = "3";
#---------------------------------------------------------------------
# Network and memory-related optimizationss for 32GB
#---------------------------------------------------------------------
"kernel.sysrq" = 1; # Enable SysRQ for rebooting the machine properly if it freezes. [Source](https://oglo.dev/tutorials/sysrq/index.html)
"net.core.netdev_max_backlog" = 30000; # Help prevent packet loss during high traffic periods.
"net.core.rmem_default" = 262144; # Default socket receive buffer size, improve network performance & applications that use sockets. Adjusted for 32GB RAM.
"net.core.rmem_max" = 67108864; # Maximum socket receive buffer size, determine the amount of data that can be buffered in memory for network operations. Adjusted for 32GB RAM.
"net.core.wmem_default" = 262144; # Default socket send buffer size, improve network performance & applications that use sockets. Adjusted for 32GB RAM.
"net.core.wmem_max" = 67108864; # Maximum socket send buffer size, determine the amount of data that can be buffered in memory for network operations. Adjusted for 32GB RAM.
"net.ipv4.ipfrag_high_threshold" = 5242880; # Reduce the chances of fragmentation. Adjusted for SSD.
"net.ipv4.tcp_keepalive_intvl" = 10; # TCP keepalive interval between probes to detect if a connection is still alive.
"net.ipv4.tcp_keepalive_probes" = 5; # TCP keepalive probes to detect if a connection is still alive.
"net.ipv4.tcp_keepalive_time" = 60; # TCP keepalive interval in seconds to detect if a connection is still alive.
"vm.dirty_background_bytes" = 134217728; # 128 MB
"vm.dirty_bytes" = 402653184; # 384 MB
"vm.min_free_kbytes" = 65536; # Minimum free memory for safety (in KB), helping prevent memory exhaustion situations. Adjusted for 32GB RAM.
"vm.swappiness" = 5; # Adjust how aggressively the kernel swaps data from RAM to disk. Lower values prioritize keeping data in RAM. Adjusted for 32GB RAM.
"vm.vfs_cache_pressure" = 90; # Adjust vfs_cache_pressure (0-1000) to manage memory used for caching filesystem objects. Adjusted for 32GB RAM.
# Nobara Tweaks
"fs.aio-max-nr" = 1000000; # defines the maximum number of asynchronous I/O requests that can be in progress at a given time. 1048576
"fs.inotify.max_user_watches" = 65536; # sets the maximum number of file system watches, enhancing file system monitoring capabilities. Default: 8192 TWEAKED: 524288
"kernel.panic" = 5; # Reboot after 5 seconds on kernel panic Default: 0
"kernel.pid_max" = 131072; # allows a large number of processes and threads to be managed Default: 32768 TWEAKED: 4194304
};
}


@ -0,0 +1,33 @@
{ config, ... }:
# Control how and when data is written from memory to disk, which can have an impact on system performance and responsiveness.
# useful for optimizing memory usage, disk writeback behavior, network settings, and other low-level kernel behaviors.
{
boot.kernelModules = ["tcp_bbr"];
boot.kernel.sysctl = {
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_fastopen" = "3";
#---------------------------------------------------------------------
# Network and memory-related optimizationss for 4GB
#---------------------------------------------------------------------
"kernel.sysrq" = 1; # Enable SysRQ for rebooting the machine properly if it freezes. [Source](https://oglo.dev/tutorials/sysrq/index.html)
"net.core.netdev_max_backlog" = 30000; # Help prevent packet loss during high traffic periods.
"net.core.rmem_default" = 131072; # Default socket receive buffer size, improving network performance and applications that use sockets.
"net.core.rmem_max" = 16777216; # Maximum socket receive buffer size, determining the amount of data that can be buffered in memory for network operations.
"net.core.wmem_default" = 131072; # Default socket send buffer size, improving network performance and applications that use sockets.
"net.core.wmem_max" = 16777216; # Maximum socket send buffer size, determining the amount of data that can be buffered in memory for network operations.
"net.ipv4.ipfrag_high_threshold" = 8388608; # Reduce the chances of fragmentation.
"net.ipv4.tcp_keepalive_intvl" = 30; # TCP keepalive interval between probes to detect if a connection is still alive.
"net.ipv4.tcp_keepalive_probes" = 5; # TCP keepalive probes to detect if a connection is still alive.
"net.ipv4.tcp_keepalive_time" = 60; # TCP keepalive interval in seconds to detect if a connection is still alive.
"vm.dirty_background_bytes" = 8388608; # Data (8 MB) modified in memory and needs to be written to disk. (Adjusted for 4GB RAM)
"vm.dirty_bytes" = 25165824; # Data (24 MB) modified in memory and needs to be written to disk. (Adjusted for 4GB RAM)
"vm.min_free_kbytes" = 32768; # Minimum free memory for safety (in KB), helping prevent memory exhaustion situations. (Adjusted for 4GB RAM)
"vm.swappiness" = 20; # Adjust how aggressively the kernel swaps data from RAM to disk. Lower values prioritize keeping data in RAM. (Adjusted for 4GB RAM)
"vm.vfs_cache_pressure" = 100; # Adjust vfs_cache_pressure (0-1000) to manage memory used for caching filesystem objects. (Adjusted for 4GB RAM)
};
}
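Review bot: `"kernel.sysrq" = 1` enables every SysRq function, not only the reboot keys the comment gives as the reason, so anyone at the keyboard can also trigger task and register dumps or kill processes (a screen locker included). The same line appears in the 8GB file further down. A bitmask limited to what an emergency reboot needs would be `"kernel.sysrq" = 176; # sync + remount read-only + reboot`, or `244` if unraw and process signalling are wanted for the full REISUB sequence. Separately, `"net.ipv4.tcp_fastopen" = "3"` is a string while the neighbouring values are integers; one type throughout would read more consistently.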


@ -0,0 +1,131 @@
{ config, ... }:
# Control how and when data is written from memory to disk, which can have an impact on system performance and responsiveness.
# useful for optimizing memory usage, disk writeback behavior, network settings, and other low-level kernel behaviors.
{
boot.kernelModules = ["tcp_bbr"];
boot.kernel.sysctl = {
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_fastopen" = "3";
#---------------------------------------------------------------------
# Network and memory-related optimizationss for 8GB
#---------------------------------------------------------------------
"kernel.sysrq" = 1; # Enable SysRQ for rebooting the machine properly if it freezes. [Source](https://oglo.dev/tutorials/sysrq/index.html)
"net.core.netdev_max_backlog" = 30000; # Help prevent packet loss during high traffic periods.
"net.core.rmem_default" = 262144; # Default socket receive buffer size, improve network performance & applications that use sockets. Adjusted for 8GB RAM.
"net.core.rmem_max" = 33554432; # Maximum socket receive buffer size, determine the amount of data that can be buffered in memory for network operations. Adjusted for 8GB RAM.
"net.core.wmem_default" = 262144; # Default socket send buffer size, improve network performance & applications that use sockets. Adjusted for 8GB RAM.
"net.core.wmem_max" = 33554432; # Maximum socket send buffer size, determine the amount of data that can be buffered in memory for network operations. Adjusted for 8GB RAM.
"net.ipv4.ipfrag_high_threshold" = 5242880; # Reduce the chances of fragmentation. Adjusted for SSD.
"net.ipv4.tcp_keepalive_intvl" = 30; # TCP keepalive interval between probes to detect if a connection is still alive.
"net.ipv4.tcp_keepalive_probes" = 5; # TCP keepalive probes to detect if a connection is still alive.
#"net.ipv4.tcp_keepalive_time" = 300; # TCP keepalive interval in seconds to detect if a connection is still alive.
"net.ipv4.tcp_keepalive_time" = "60"; # TCP keepalive interval in seconds to detect if a connection is still alive.
"vm.dirty_background_bytes" = 134217728; # 128 MB
"vm.dirty_bytes" = 402653184; # 384 MB
"vm.min_free_kbytes" = 131072; # Minimum free memory for safety (in KB), helping prevent memory exhaustion situations. Adjusted for 8GB RAM.
"vm.swappiness" = 10; # Adjust how aggressively the kernel swaps data from RAM to disk. Lower values prioritize keeping data in RAM. Adjusted for 8GB RAM.
"vm.vfs_cache_pressure" = 90; # Adjust vfs_cache_pressure (0-1000) to manage memory used for caching filesystem objects. Adjusted for 8GB RAM.
# Nobara Tweaks
"fs.aio-max-nr" = 1000000; # defines the maximum number of asynchronous I/O requests that can be in progress at a given time. 1048576
"fs.inotify.max_user_watches" = 65536; # sets the maximum number of file system watches, enhancing file system monitoring capabilities. Default: 8192 TWEAKED: 524288
"kernel.panic" = 5; # Reboot after 5 seconds on kernel panic Default: 0
"kernel.pid_max" = 131072; # allows a large number of processes and threads to be managed Default: 32768 TWEAKED: 4194304
};
}
# -----------------------------------------------------------------
# Summary of my configuration
# -----------------------------------------------------------------
# Network Performance Settings:
# ----------------------------------------------
# "net.core.rmem_default" = 16 MB
# "net.core.rmem_max" = 16 MB
# "net.core.wmem_default" = 16 MB
# "net.core.wmem_max" = 16 MB
# These settings define the default and maximum socket buffer sizes for receiving and sending data, improving network performance and benefiting applications that use sockets.
# TCP Keepalive Settings:
# ----------------------------------------------
# "net.ipv4.tcp_keepalive_intvl" = 30 seconds
# "net.ipv4.tcp_keepalive_probes" = 5 probes
# "net.ipv4.tcp_keepalive_time" = 300 seconds
# These settings configure TCP keepalive parameters, which are used to detect if a network connection is still alive.
# Disk Write Behavior Settings:
# ----------------------------------------------
# "vm.dirty_background_bytes" = 16 MB
# "vm.dirty_bytes" = 48 MB
# These settings control how much modified data in memory needs to be written to disk. Lower values can lead to more frequent writes.
# Memory Safety Setting:
# ----------------------------------------------
# "vm.min_free_kbytes" = 65,536 KB
# This setting specifies the minimum amount of free memory in kilobytes, helping to prevent memory exhaustion situations.
# Swappiness Setting:
# ----------------------------------------------
# "vm.swappiness" = 1
# This setting determines how aggressively the kernel swaps data from RAM to disk. Lower values prioritize keeping data in RAM, suitable for systems with ample memory.
# Cache Pressure Setting:
# ----------------------------------------------
# "vm.vfs_cache_pressure" = 50
# This setting adjusts vfs_cache_pressure (0-1000), influencing how the kernel reclaims memory used for caching filesystem objects.
# Customize these settings based on your system's requirements and performance goals, check below for extra info.
# Values explained:
# "vm.vfs_cache_pressure" = 50; Adjust vfs_cache_pressure (0-1000)
# -----------------------------------------------------------------
# 4GB RAM: 50 - 60 [ Lower values like 50 or 60 can be a good starting point for systems with 4GB of RAM to retain data in cache for improved file system access times ]
# 8GB RAM: 60 - 80 [ Values around 60 to 80 are reasonable for 8GB of RAM, as you can still afford to keep more data in cache for better performance ]
# 16GB RAM: 70 - 80 [ Lower values like 70 or 80 can be used to keep data in cache longer for systems with 16GB of RAM ]
# 32GB RAM: 80 - 90 [ Values around 80 or 90 are suitable for systems with 32GB of RAM, allowing more data to stay in cache ]
# 64GB RAM or More: 90 - 100 [ Lower values like 90 or 100 can minimize cache eviction for systems with very high memory, such as 64GB or more ]
# Low Values (e.g., 10-100):
# Situations where you have a lot of available RAM.
# When you want to optimize filesystem access times by keeping more data in cache.
# Systems with large file datasets that can benefit from a larger cache.
# High Values (e.g., 500-1000):
# Systems with limited RAM resources.
# Servers or virtual machines where memory availability is critical.
# When you want to ensure that cached memory is released more aggressively for other applications.
# vm.swappiness = <Recommended Value>
# ----------------------------------------------
# Adjusts how aggressively the kernel swaps data from RAM to disk.
# - For systems with 4GB RAM, consider a low value (1-10) to prioritize keeping data in RAM.
# - For systems with 8GB RAM, use a moderate value (10-30) for a balance between RAM usage and swapping.
# - For systems with 16GB to 28GB RAM, aim for a moderate value (10-30) to optimize performance.
# - For systems with 32GB or more RAM, a slightly higher value (30-60) may be suitable.
# Monitor system performance and adjust as needed based on your workload and available RAM.
# CALCULATIONS: ( Schooling )
# ----------------------------------------------
# 1 MB (megabyte) = 1048576 bytes
# To convert bytes to megabytes, divide the number of bytes by 1048576.
# Here's how the calculations work for the values provided:
# For "vm.dirty_background_bytes":
# 16777216 bytes ÷ 1048576 bytes/MB = 16 MB
# For "vm.dirty_bytes":
# 50331648 bytes ÷ 1048576 bytes/MB = 48 MB
# These calculations provide the approximate size in megabytes for the specified values.
# The values "vm.dirty_background_bytes" and "vm.dirty_bytes" control how much dirty data (data that has been modified but not yet written to disk)
# can accumulate in the system's cache before it's flushed to disk. Lowering these values, as done here, results in more frequent disk writes,
# which can be useful when you need data to be quickly written to a USB drive.
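Review bot: The trailing "Summary of my configuration" comment does not describe the values set above it. It lists 16 MB socket buffers, a `tcp_keepalive_time` of 300 seconds, `vm.swappiness` 1, `vm.vfs_cache_pressure` 50 and 16 MB / 48 MB dirty limits, whereas the attribute set uses 262144 and 33554432 for the buffers, then 60, 10, 90 and 128 MB / 384 MB. Someone auditing the host from the comments would reach wrong conclusions, so either rewrite the summary from the actual values or reduce it to the generic guidance. `"net.ipv4.tcp_keepalive_time" = "60";` is also the only quoted number in the numeric block; `"net.ipv4.tcp_keepalive_time" = 60;` matches the rest.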


@ -0,0 +1,11 @@
{ config, pkgs, ... }:
{
imports = [
#./4GB-SYSTEM.nix
#./8GB-SYSTEM.nix
#./16GB-SYSTEM.nix
./32GB-SYSTEM.nix
./ssd-tweaks.nix
];
}


@ -0,0 +1,19 @@
{ config, ... }:
# Control how and when data is written from memory to disk, which can have an impact on system performance and responsiveness.
# useful for optimizing memory usage, disk writeback behavior, network settings, and other low-level kernel behaviors.
{
boot.kernel.sysctl = {
#---------------------------------------------------------------------
# HDD tweaks: Adjust settings for an HDD to optimize performance.
#---------------------------------------------------------------------
"vm.dirty_background_ratio" = "10"; # Set the ratio of dirty memory at which background writeback starts (10% for HDD).
"vm.dirty_expire_centisecs" = "6000"; # Set the time at which dirty data is old enough to be eligible for writeout (6000 centiseconds for HDD).
"vm.dirty_ratio" = "20"; # Set the ratio of dirty memory at which a process is forced to write out dirty data (20% for HDD).
"vm.dirty_time" = "0"; # Disable dirty time accounting.
"vm.dirty_writeback_centisecs" = "1000"; # Set the interval between two consecutive background writeback passes (1000 centiseconds for HDD).
};
}
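Review bot: `"vm.dirty_time"` does not look like an existing sysctl key. The documented vm keys in this family are `dirty_expire_centisecs`, `dirty_writeback_centisecs` and `dirtytime_expire_seconds`, so this line most likely does nothing beyond a warning from systemd-sysctl at boot. The same key is set in the SSD file below. Drop the line, or if lazytime writeback was the target, replace it with `vm.dirtytime_expire_seconds` and a chosen interval. The values in this file are strings while the RAM-size files use integers; one form throughout would be easier to read.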


@ -0,0 +1,18 @@
{ config, ... }:
{
boot.kernel.sysctl = {
#---------------------------------------------------------------------
# SSD tweaks: Adjust settings for an SSD to optimize performance.
#---------------------------------------------------------------------
"vm.dirty_background_ratio" = "40"; # Set the ratio of dirty memory at which background writeback starts (5%). Adjusted for SSD.
"vm.dirty_expire_centisecs" = "3000"; # Set the time at which dirty data is old enough to be eligible for writeout (6000 centiseconds). Adjusted for SSD.
"vm.dirty_ratio" = "80"; # Set the ratio of dirty memory at which a process is forced to write out dirty data (10%). Adjusted for SSD.
"vm.dirty_time" = "0"; # Disable dirty time accounting.
"vm.dirty_writeback_centisecs" = "300"; # Set the interval between two consecutive background writeback passes (500 centiseconds)
};
services.fstrim.enable = true;
}
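Review bot: `vm.dirty_ratio` and `vm.dirty_background_ratio` are set here while the RAM-size files set `vm.dirty_bytes` and `vm.dirty_background_bytes`, and the kernel keeps only one of each pair: writing one resets its counterpart to 0. The imports list pulls in both a RAM-size file and this one, so which pair ends up in effect depends on the order the keys are written; one of the two should be removed. The inline comments also disagree with the values (`"40"` against "5%", `"80"` against "10%", `"3000"` against "6000 centiseconds", `"300"` against "500 centiseconds"). A dirty ratio of 80 lets a large share of RAM sit unwritten, which increases what is lost on a crash or power failure. Suggested comment for the first line: `# background writeback starts at 40% dirty memory`.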


@ -0,0 +1,11 @@
{ config, pkgs, ... }:
{
services.xserver.wacom.enable = true;
environment.systemPackages = with pkgs; [
libwacom # Libraries, configuration, and diagnostic tools for Wacom tablets
];
}