From 5ce1576f0791ad4acec0360174904bcb30100c91 Mon Sep 17 00:00:00 2001 From: jalr Date: Wed, 29 Sep 2021 20:17:49 +0200 Subject: [PATCH] Update cadmium config --- hardware/cadmium.nix | 11 --- machines/cadmium/configuration.nix | 101 ++++++-------------- machines/cadmium/hardware-configuration.nix | 11 ++- obs.nix | 55 ++++------- 4 files changed, 57 insertions(+), 121 deletions(-) diff --git a/hardware/cadmium.nix b/hardware/cadmium.nix index dd2bf71..a8a721d 100644 --- a/hardware/cadmium.nix +++ b/hardware/cadmium.nix @@ -1,15 +1,4 @@ { config, lib, pkgs, ... }: { - boot.initrd.availableKernelModules = [ - "i915" - ]; - - environment.systemPackages = with pkgs; [ - intel-media-driver - libva - libva-utils - libva1 - ]; - hardware.opengl.extraPackages = lib.singleton pkgs.vaapiIntel; } diff --git a/machines/cadmium/configuration.nix b/machines/cadmium/configuration.nix index 53db627..a1daeeb 100644 --- a/machines/cadmium/configuration.nix +++ b/machines/cadmium/configuration.nix @@ -13,18 +13,18 @@ ../../unstable.nix ../../fish.nix ../../autologin.nix - ../../lxc.nix ../../obs.nix ../../pulseaudio.nix ]; - nix.autoOptimiseStore = true; - hardware.cpu.intel.updateMicrocode = true; powerManagement.cpuFreqGovernor = "performance"; - # Use the GRUB 2 boot loader. + nix.autoOptimiseStore = true; + nix.useSandbox = true; + boot = { + kernelParams = [ "radeon.dpm=1" ]; loader = { systemd-boot.enable = true; efi.efiSysMountPoint = "/boot"; @@ -32,14 +32,16 @@ }; initrd = { availableKernelModules = [ - "aes_x86_64" - "aesni_intel" + "aes_generic" "cryptd" + "nvme" + "xhci_pci" ]; luks.devices = { pvcrypt = { - device = "/dev/disk/by-uuid/8b7b67c8-d985-4431-8041-3bf31cc915c8"; + device = "/dev/disk/by-uuid/b706883f-3979-41ea-b72e-497c0ada5092"; preLVM = true; + allowDiscards = true; }; }; }; 
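Review bot: `allowDiscards = true;` on the `pvcrypt` LUKS device passes TRIM through dm-crypt, which reveals to anyone who can read the raw disk which blocks are unused; that trade-off should be recorded next to the option, e.g. `# TRIM passthrough: exposes free-block layout, accepted for SSD performance`. In the same hunk `initrd.availableKernelModules` drops `aesni_intel` in favour of `aes_generic` only. Despite its name that module also serves AMD CPUs with AES instructions, so unless another option already pulls it into the initrd, early-boot unlock may fall back to the slower table-based implementation; consider keeping `"aesni_intel"` in the list. The `boot` attribute set continues outside the hunk.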
@@ -54,17 +56,14 @@ firewall = { allowedUDPPorts = [ - 53 - 33580 # wireguard + #53 ]; allowedTCPPorts = [ - 53 + #53 ]; }; extraHosts = '' - 10.10.7.105 staging-transfer-reverseproxy-01-01.sys.tradebyte.com - 185.11.253.218 reststaging.tradebyte.com clientmediastaging.tradebyte.com sftpstaging.tradebyte.com ftpstaging.tradebyte.com ftpsstaging.tradebyte.com rc.staging.tradebyte.com c3p0.staging.tradebyte.com c3p2.staging.tradebyte.com c3p4.staging.tradebyte.com staging.tradebyte.com -10.10.7.30 supportstaging.tradebyte.com + #10.10.10.10 example.com ''; }; @@ -112,7 +111,7 @@ ]; programs.mtr.enable = true; - + programs.gnupg.agent = { enable = true; pinentryFlavor = "gnome3"; @@ -123,11 +122,21 @@ services.ofono.enable = true; services.udisks2.enable = true; - + services.openssh.enable = true; + + # udevadm info --name /dev/foo --query all + services.udev.extraRules = '' - SUBSYSTEM=="video4linux", BUS=="usb", ATTRS{vendor}=="0x046d", ATTRS{device}=="0x085c", NAME="video1" + # mute indicator + SUBSYSTEM=="tty", ATTRS{idVendor}=="1eaf", ATTRS{idProduct}=="6d75", SYMLINK+="mute-indicator" + + # DJI Goggles + SUBSYSTEM=="usb", ATTRS{idVendor}=="2ca3", ATTRS{idProduct}=="001f", GROUP="video", MODE="0660" + + # STLink + SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748", GROUP="users", MODE="0660" ''; virtualisation = { @@ -141,7 +150,7 @@ security.polkit.enable = true; # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.jal = { + users.users.jalr = { isNormalUser = true; extraGroups = [ "dialout" 
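Review bot: The placeholders `#53` in both port lists and `#10.10.10.10 example.com` in `extraHosts` are dead configuration that a later edit can re-enable by accident. The `extraHosts` line sits inside a `''` string, so it is not a Nix comment but literal text that ends up in the hosts file. Prefer `allowedUDPPorts = [ ];`, `allowedTCPPorts = [ ];` and dropping `extraHosts`, so the firewall section states plainly that nothing is opened here.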
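Review bot: `services.openssh.enable = true;` is added with no hardening visible in this hunk, and on NixOS enabling the service also opens its port in the firewall by default, so the machine becomes reachable over SSH with whatever defaults apply. If no imported module already sets them, add `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "no";` beside it (option names as of the release this config targets, to be confirmed) and rely on keys. Separately, the STLink udev rule grants `GROUP="users"` and matches with `SUBSYSTEMS==` where the rules above use `SUBSYSTEM==`. A narrower group such as `dialout`, which this user already has, would keep the debug probe away from every login account.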
@@ -154,63 +163,7 @@ shell = pkgs.fish; }; - autologin.username = "jal"; - - networking.wg-quick.interfaces.wgawsjal = { - address = [ "10.254.254.6/30" ]; - privateKeyFile = "/root/wireguard-keys/wgawsjal"; - listenPort = 33580; - #mtu = 1419 - #mtu = 1408 - mtu = 1358; - - peers = [ - { - publicKey = "5B5Ad+C05saQZaVXw7nc9/htshzcPV5Suj2I8P4Ndik="; - endpoint = "3.121.44.55:2048"; - persistentKeepalive = 10; - allowedIPs = [ - "10.254.254.4/30" # tunnel transport - "10.10.7.0/24" # NETWAYS - "10.158.128.0/23" # Approvals (instance.tradebyte.com) - "10.158.224.0/20" # TB.Shift production - "10.158.240.0/20" # TB.Shift development - "10.18.0.0/16" # AWS IT - "10.250.0.0/16" # AWS CCS - #10.10.7.6/32 - #10.10.7.52/32 - #10.10.7.218/32 - #10.10.7.248/32 - ]; - } - ]; - }; - - services.dnsmasq = { - enable = true; - resolveLocalQueries = true; - servers = [ - "194.150.168.168" # dns.as250.net Berlin/Frankfurt - "195.160.173.53" # dnscache.berlin.ccc.de - "46.182.19.48" # digitalcourage - "/sv.tb/192.168.99.17" - "/abc.tb/192.168.99.44" - "/sys.tradebyte.com/10.10.7.64" - "/core.tradebyte.com/10.10.7.64" - "/corp.ad.zalando.net/10.160.19.100" - "/7.10.10.in-addr.arpa/10.10.7.64" - "/develop.sys.tradebyte.com/10.0.3.1" - ]; - extraConfig = '' - no-resolv - interface=lo - listen-address=::1 - listen-address=127.0.0.1 - bind-interfaces - dns-loop-detect - neg-ttl=5 - ''; - }; + autologin.username = "jalr"; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions diff --git a/machines/cadmium/hardware-configuration.nix b/machines/cadmium/hardware-configuration.nix index b86177b..3aa46f7 100644 --- a/machines/cadmium/hardware-configuration.nix +++ b/machines/cadmium/hardware-configuration.nix 
@@ -14,13 +14,20 @@ boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/d6302c3c-1100-4cc4-86d7-fc3a84db9a37"; + #{ device = "/dev/disk/by-uuid/d6302c3c-1100-4cc4-86d7-fc3a84db9a37"; + { device = "/dev/disk/by-uuid/6de83731-af29-4ba2-a0b2-48d3a1f5537e"; fsType = "ext4"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/BBF2-C8B1"; + #{ device = "/dev/disk/by-uuid/BBF2-C8B1"; + { device = "/dev/disk/by-uuid/D384-54D8"; fsType = "vfat"; }; + fileSystems."/home" = + { device = "/dev/disk/by-uuid/f14ae966-ac3f-467f-9263-ba9136967782"; + fsType = "ext4"; + noCheck = true; + }; swapDevices = [ ]; diff --git a/obs.nix b/obs.nix index bcd0126..239ba32 100644 --- a/obs.nix +++ b/obs.nix 
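Review bot: `noCheck = true;` on the new `/home` entry disables fsck for that filesystem and nothing says why; either add a comment such as `# fsck skipped: <reason>` or drop the option so ext4 errors on /home are caught at boot. The two commented-out old `device` lines (`#{ device = ...`) should be removed rather than kept as dead code, since the previous UUIDs remain in version-control history. It is not visible from this hunk whether `/home` lives inside the `pvcrypt` volume; if it is a separate partition it would need its own LUKS entry to be encrypted at rest.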
@@ -1,38 +1,25 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, ... }: -with lib; - -let - cfg = config.obs; -in { - options.obs = { - kernel.packages = mkOption { - description = "kernel package to use"; - }; - }; - config = { - boot = { - #kernelPackages = pkgs.linuxPackages_latest; - extraModulePackages = [ - #(pkgs.linuxPackages_latest.v4l2loopback.overrideAttrs ({ ... }: { - #(pkgs.linuxPackages_5_9_rt.v4l2loopback.overrideAttrs ({ ... }: { - (cfg.kernel.packages.v4l2loopback.overrideAttrs ({ ... }: { - src = pkgs.fetchFromGitHub { - owner = "umlaeute"; - repo = "v4l2loopback"; - # master 2020-04-17 - rev = "10b1c7e6bda4255fdfaa187ce2b3be13433416d2"; - sha256 = "0xsn4yzj7lwdg0n7q3rnqpz07i9i011k2pwn06hasd45313zf8j2"; - }; - })) - ]; - extraModprobeConfig = '' - options v4l2loopback exclusive_caps=1 video_nr=9 card_label="obs" - ''; - kernelParams = [ "vmalloc=512M" ]; - }; - environment.systemPackages = with pkgs; [ - v4l-utils +{ + boot = { + kernelPackages = pkgs.linuxPackages_latest; + extraModulePackages = [ + (pkgs.linuxPackages_latest.v4l2loopback.overrideAttrs ({ ... }: { + src = pkgs.fetchFromGitHub { + owner = "umlaeute"; + repo = "v4l2loopback"; + # master 2020-04-17 + rev = "10b1c7e6bda4255fdfaa187ce2b3be13433416d2"; + sha256 = "0xsn4yzj7lwdg0n7q3rnqpz07i9i011k2pwn06hasd45313zf8j2"; + }; + })) ]; + kernelModules = [ "v4l2loopback" ]; + extraModprobeConfig = '' + options v4l2loopback exclusive_caps=1 card_label=OBS video_nr=10 + ''; }; + environment.systemPackages = with pkgs; [ + v4l-utils + ]; }
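Review bot: The module is built from `pkgs.linuxPackages_latest.v4l2loopback` while `kernelPackages` is set separately just above, so the two can drift apart as soon as another module or machine overrides `boot.kernelPackages`. Use `(config.boot.kernelPackages.v4l2loopback.overrideAttrs ({ ... }: {` so the out-of-tree module is always built against the kernel that actually boots. The pinned `rev` is still labelled `# master 2020-04-17`. Pairing a snapshot that old with `linuxPackages_latest` risks build failures and misses upstream fixes, so consider updating the pin together with its `sha256`, or dropping the override if the nixpkgs version suffices. Setting `kernelPackages` inside `obs.nix` also forces the latest kernel on every machine that imports this file, which deserves a comment.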