mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

temp commit

Browse Source
This commit is contained in:
mjallen18
2025-07-16 19:57:33 -05:00
parent 1a254d12c7
commit 6c7c76887b
89 changed files with 4356 additions and 2822 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
systems/x86_64-linux/desktop/boot.nix Executable file
View File

@@ -0,0 +1,71 @@
{ config, pkgs, ... }:
let
configLimit = 5;
# default = "@saved";
kernel = pkgs.linuxPackages_cachyos;
pkgsVersion = pkgs; #.unstable;
in
{
# Configure bootloader with lanzaboot and secureboot
boot = {
kernelModules = [
"nct6775"
"kvm-amd"
"i2c-dev"
"ddcci_backlight"
];
extraModulePackages = [config.boot.kernelPackages.ddcci-driver];
loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
initrd = {
verbose = false;
systemd.enable = true;
availableKernelModules = [
"xhci_pci"
"nvme"
"ahci"
"usbhid"
"uas"
"usb_storage"
"sd_mod"
];
};
plymouth = {
enable = true;
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
settings = {
# default = default;
console-mode = "max";
};
configurationLimit = configLimit;
};
kernelPackages = kernel;
kernelParams = [
"quiet"
# needed cause ssd powersaving is broken af I guess
"nvme_core.default_ps_max_latency_us=0"
"pcie_aspm=off"
];
consoleLogLevel = 3;
bootspec.enable = true;
};
zramSwap.enable = true;
environment.systemPackages = with pkgsVersion; [
edk2-uefi-shell
];
}

118
systems/x86_64-linux/desktop/configuration.nix Executable file
View File

@@ -0,0 +1,118 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
lib,
pkgs,
inputs,
...
}:
let
pkgsVersion = pkgs; #.unstable;
environmentVariables = {
STEAM_FORCE_DESKTOPUI_SCALING = "1.0";
GDK_SCALE = "1";
EDITOR = "${pkgs.vscodium}/bin/codium --wait";
VISUAL = "${pkgs.vscodium}/bin/codium --wait";
};
systemPackages = with pkgsVersion; [
acpilight
aha
aspell
aspellDicts.en
aspellDicts.en-computers
aspellDicts.en-science
borgbackup
brightnessctl
# brscan5
ddcui
ddcutil
ddccontrol
ddccontrol-db
efibootmgr
kdePackages.ksvg
memtest86-efi
memtest86plus
os-prober
nil
qemu_full
rclone
rclone-browser
restic
restic-browser
restic-integrity
sane-frontends
sbctl
tpm2-tools
tpm2-tss
udisks2
unzip
winetricks
inputs.desktop-lsfg.packages."x86_64-linux".default
];
in
{
nix = {
settings = {
substituters = [
"https://cache.mjallen.dev"
];
trusted-public-keys = [
"cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
];
};
};
chaotic.mesa-git.enable = false;
# Environment configuration
environment = {
systemPackages = systemPackages;
variables = environmentVariables;
};
# Hardware configuration
hardware = {
# Enable the QMK firmware flashing tool.
keyboard = {
qmk.enable = true;
};
# Enable Sane and Brother printer support.
sane = {
enable = true;
brscan5.enable = false;
# extraBackends = [ pkgsVersion.brscan5 ];
};
};
# Common Configuration
share = {
gaming.enable = true;
hardware.amd = {
enable = lib.mkDefault true;
lact.enable = lib.mkDefault true;
};
};
programs.coolercontrol.enable = true;
# Time configuration
time = {
hardwareClockInLocalTime = lib.mkDefault false;
};
# Virtualisation configuration
virtualisation = {
libvirtd.enable = lib.mkDefault true;
podman.enable = true;
waydroid.enable = lib.mkDefault true;
};
services.udev.extraRules = ''
KERNEL=="i2c-[0-9]*", GROUP="i2c", MODE="0660"
'';
}

36
systems/x86_64-linux/desktop/default.nix Normal file
View File

@@ -0,0 +1,36 @@
{ # Snowfall Lib provides a customized `lib` instance with access to your flake's library
# as well as the libraries available from your flake's inputs.
lib,
# An instance of `pkgs` with your overlays and packages applied is also available.
pkgs,
# You also have access to your flake's inputs.
inputs,
# Additional metadata is provided by Snowfall Lib.
namespace, # The namespace used for your flake, defaulting to "internal" if not set.
system, # The system architecture for this host (eg. `x86_64-linux`).
target, # The Snowfall Lib target for this system (eg. `x86_64-iso`).
format, # A normalized name for the system target (eg. `iso`).
virtual, # A boolean to determine whether this system is a virtual target using nixos-generators.
systems, # An attribute map of your defined hosts.
# All other arguments come from the system system.
config,
...
}:
{
imports = [
./boot.nix
./filesystems.nix
./hardware-configuration.nix
./networking.nix
./nix.nix
./services.nix
./sops.nix
./users.nix
({ ... }: {
_module.args.hyprlandSettings = import ./hyprland-settings.nix;
})
];
}

59
systems/x86_64-linux/desktop/filesystems.nix Executable file
View File

@@ -0,0 +1,59 @@
{ ... }:
let
defaultNetworkShareOptions = [
"sec=none"
"nofail"
"x-systemd.automount"
"auto"
"rw"
"file_mode=0775"
"dir_mode=0775"
"uid=matt"
"gid=wheel"
];
defaultLocalOptions = [
"compress=zstd"
# "autodefrag"
"nofail"
# "x-systemd.automount"
# "auto"
"rw"
];
in
{
fileSystems = {
"/media/matt/Steam" = {
device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S6B0NL0W232824B-part1";
options = [
"subvol=steam"
"noatime"
] ++ defaultLocalOptions;
};
"/media/matt/Heroic" = {
device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S6B0NL0W232824B-part1";
options = [
"subvol=heroic"
"noatime"
] ++ defaultLocalOptions;
};
# Network shares
"/media/nas/backup" = {
device = "//10.0.1.3/Backup";
fsType = "cifs";
options = defaultNetworkShareOptions;
};
"/media/nas/isos" = {
device = "//10.0.1.3/isos";
fsType = "cifs";
options = defaultNetworkShareOptions;
};
"/media/nas/3d_printer" = {
device = "//10.0.1.3/3d_printer";
fsType = "cifs";
options = defaultNetworkShareOptions;
};
};
}

95
systems/x86_64-linux/desktop/hardware-configuration.nix Executable file
View File

@@ -0,0 +1,95 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}:
let
defeaultBtrfsOptions = [
"compress=zstd"
"autodefrag"
];
in
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
fileSystems."/" = {
device = "none";
fsType = "tmpfs";
options = [
"defaults"
"size=25%"
"mode=755"
];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
fsType = "btrfs";
options = [
"subvol=nix"
"noatime"
] ++ defeaultBtrfsOptions;
};
fileSystems."/etc" = {
device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
fsType = "btrfs";
options = [
"subvol=etc"
"noatime"
] ++ defeaultBtrfsOptions;
};
fileSystems."/root" = {
device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
fsType = "btrfs";
options = [
"subvol=root"
"noatime"
] ++ defeaultBtrfsOptions;
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
fsType = "btrfs";
options = [
"subvol=log"
"noatime"
] ++ defeaultBtrfsOptions;
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
fsType = "btrfs";
options = [
"subvol=home"
] ++ defeaultBtrfsOptions;
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/216E-A7AC";
fsType = "vfat";
};
swapDevices = [
{
device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_1TB_S5P2NS0T307907H-part2";
randomEncryption.enable = true;
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp10s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp9s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

67
systems/x86_64-linux/desktop/home.nix Executable file
View File

@@ -0,0 +1,67 @@
{ pkgs, ... }:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
update-flake = "nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager --flake /etc/nixos";
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
};
in
{
home.username = "matt";
sops = {
age.keyFile = "/home/matt/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
validateSopsFiles = false;
secrets = {
"ssh-keys-public/desktop-nixos" = {
path = "/home/matt/.ssh/id_ed25519.pub";
mode = "0644";
};
"ssh-keys-private/desktop-nixos" = {
path = "/home/matt/.ssh/id_ed25519";
mode = "0600";
};
};
};
services = {
remmina = {
enable = true;
addRdpMimeTypeAssoc = true;
};
};
programs = {
password-store.enable = true;
zsh.shellAliases = shellAliases;
};
home.packages = with pkgs; [
bottles
unstable.compose2nix
discord
distrobox
heroic
stable.vmware-horizon-client
jq
lutris
lzip
morph
orca-slicer
piper
prismlauncher
protontricks
protonvpn-gui
python3
qmk
smile
unigine-heaven
via
virt-manager
vorta
waydroid-helper
];
}

97
systems/x86_64-linux/desktop/hyprland-settings.nix Normal file
View File

@@ -0,0 +1,97 @@
let
theme = import ../../modules/nixos/hyprland/theme.nix;
defaultOpacity = theme.waybar.defaultOpacity;
defaultBorderRadius = theme.waybar.defaultBorderRadius;
defaultCenterOptions = theme.waybar.defaultCenterOptions;
borderLeft = theme.waybar.borderLeft;
borderRight = theme.waybar.borderRight;
# Displays
displayLeft = {
input = "DP-1";
resolution = "3840x2160";
refreshRate = "240.00000";
};
displayRight = {
input = "DP-2";
resolution = "3840x2160";
refreshRate = "240.00000";
};
in
{
primaryDisplay = displayLeft;
networkInterface = "wlp9s0";
wallpaper = [
"${displayLeft.input}, /run/wallpaper.jpg"
"${displayRight.input}, /run/wallpaper.jpg"
];
monitor = [
"${displayLeft.input},${displayLeft.resolution}@${displayLeft.refreshRate},0x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.2,sdrsaturation,0.98"
"${displayRight.input},${displayRight.resolution}@${displayRight.refreshRate},3840x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.5,sdrsaturation,0.98"
];
workspace = [
"name:firefox, monitor:${displayRight.input}, default:false, special, class:(.*firefox.*)"
"name:discord, monitor:${displayRight.input}, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)"
"name:steam, monitor:${displayLeft.input}, default:false, special, class:(.*[Ss]team.*)"
];
windowRule = [
"size 2160 7680, tag:horizonrdp"
];
extraConfig = ''
exec-once = nm-applet
exec-once = [silent] firefox
exec-once = [silent] vesktop
exec-once = [silent] chromium --app="https://music.apple.com"
exec-once = [silent] steam
'';
waybar = {
layer = "bottom";
modules-right = [
"tray"
"custom/lights"
"temperature"
"temperature#gpu"
"keyboard-state#capslock"
"keyboard-state#numlock"
"wireplumber#sink"
"wireplumber#source"
"bluetooth"
"network"
"idle_inhibitor"
"clock"
"custom/weather"
];
extraModules = {
"custom/lights" = {
tooltip = false;
exec = "waybar-hass --get_light light.living_room_lights";
interval = "once";
format = "{text}";#"󱉓";
on-click = "waybar-hass --toggle_light light.living_room_lights";
return-type = "json";
};
};
extraModulesStyle = ''
#custom-lights {
color: ${theme.nord.frost.nord8};
background-color: ${theme.nord.polarNight.nord0};
${defaultOpacity}
${borderLeft}
}
#custom-lights:hover {
background: ${theme.nord.polarNight.nord3};
}
'';
};
}

46
systems/x86_64-linux/desktop/networking.nix Executable file
View File

@@ -0,0 +1,46 @@
{ lib, config, ... }:
let
hostname = "matt-nixos";
in
{
# Networking configs
networking = {
hostName = lib.mkDefault hostname;
# Enable Network Manager
networkmanager = {
enable = lib.mkDefault true;
wifi.powersave = lib.mkDefault false;
settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
ensureProfiles = {
environmentFiles = [
config.sops.secrets.wifi.path
];
profiles = {
"Joey's Jungle 6G" = {
connection = {
id = "Joey's Jungle 6G";
type = "wifi";
};
ipv4 = {
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = "Joey's Jungle 6G";
};
wifi-security = {
key-mgmt = "sae";
psk = "$PSK";
};
};
};
};
};
};
}

33
systems/x86_64-linux/desktop/nix.nix Normal file
View File

@@ -0,0 +1,33 @@
{ lib, ... }:
let
user = "matt";
in
{
nix = {
settings = {
substituters = [
"https://cache.mjallen.dev/nas-cache"
];
trusted-public-keys = [
"nas-cache:5ibTWOXJYlKBaoNtdDEPmvdLPtfnbwf9jvdnfwi5dUs="
];
warn-dirty = lib.mkForce false;
experimental-features = lib.mkForce [
"nix-command"
"flakes"
];
trusted-users = [ user ];
};
# settings.builders-use-substitutes = true;
# distributedBuilds = true;
buildMachines = [
{
hostName = "jallen-nas.local";
system = "x86_64-linux";
maxJobs = 10;
sshUser = "admin";
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
}
];
};
}

155
systems/x86_64-linux/desktop/services.nix Executable file
View File

@@ -0,0 +1,155 @@
{ config, lib, pkgs, ... }:
let
pkgsVersion = pkgs; #.unstable;
in
{
services = {
# Enable Flatpak
flatpak.enable = lib.mkDefault false;
# enable auto discovery of printers
avahi = {
enable = lib.mkDefault true;
nssmdns4 = lib.mkDefault true;
openFirewall = lib.mkDefault true;
};
restic.backups = {
jallen-nas = {
initialize = true;
createWrapper = true;
inhibitsSleep = true;
environmentFile = config.sops.templates."restic.env".path;
passwordFile = config.sops.secrets."desktop/restic/password".path;
repositoryFile = config.sops.secrets."desktop/restic/repo".path;
paths = [
"/home/matt"
];
exclude = [
"/home/matt/Steam"
"/home/matt/Heroic"
"/home/matt/1TB"
"/home/matt/Downloads"
"/home/matt/Nextcloud"
"/home/matt/.cache"
"/home/matt/.local/share/Steam"
"/home/matt/.var/app/com.valvesoftware.Steam"
"/home/matt/.tmp"
"/home/matt/.thumbnails"
"/home/matt/.compose-cache"
];
};
proton-drive = {
initialize = true;
createWrapper = true;
inhibitsSleep = true;
passwordFile = config.sops.secrets."desktop/restic/password".path;
rcloneConfigFile = "/home/matt/.config/rclone/rclone.conf";
repository = "rclone:proton-drive:backup-nix";
paths = [
"/home/matt"
];
exclude = [
"/home/matt/Steam"
"/home/matt/Heroic"
"/home/matt/1TB"
"/home/matt/Downloads"
"/home/matt/Nextcloud"
"/home/matt/.cache"
"/home/matt/.local/share/Steam"
"/home/matt/.var/app/com.valvesoftware.Steam"
"/home/matt/.tmp"
"/home/matt/.thumbnails"
"/home/matt/.compose-cache"
];
};
};
btrfs = {
autoScrub.enable = lib.mkDefault true;
autoScrub.fileSystems = lib.mkDefault [
"/nix"
"/root"
"/etc"
"/var/log"
"/home"
];
};
ratbagd.enable = lib.mkDefault true;
keyd = {
enable = false;
keyboards = {
default = {
ids = [ "*" ];
settings = {
main = {
# Use ⌘ key (leftmeta) to activate macOS-like layer
leftmeta = "layer(meta_mac)";
};
meta_mac = {
# Tab switching
tab = "swapm(app_switch_state, M-tab)";
"`" = "A-f6";
# App shortcuts
c = "C-insert"; # Copy
v = "S-insert"; # Paste
x = "S-delete"; # Cut
"1" = "A-1";
"2" = "A-2";
"3" = "A-3";
"4" = "A-4";
"5" = "A-5";
"6" = "A-6";
"7" = "A-7";
"8" = "A-8";
"9" = "A-9";
# Move to line start/end
left = "home";
right = "end";
};
app_switch_state = {
tab = "M-tab";
right = "M-tab";
"`" = "M-S-tab";
left = "M-S-tab";
};
};
};
};
};
};
systemd = {
user.services = {
rclone-home-proton = {
enable = lib.mkDefault false;
path = with pkgsVersion; [
bash
pkgs.rclone
];
script = ''
rclone sync /home/matt proton-drive:backup-nix --exclude '/home/matt/Games/**' --exclude '/home/matt/1TB/**' --exclude '/home/matt/Downloads/**'
'';
};
rsync-home = {
enable = lib.mkDefault false;
path = with pkgsVersion; [
bash
rsync
openssh
];
script = ''
rsync -rtpogvPlHzs --ignore-existing --exclude={'/home/matt/Games', '/home/matt/1TB', '/home/matt/Downloads/*', '/home/matt/.cache'} -e ssh /home/matt admin@10.0.1.3:/media/nas/main/backup/desktop-nix/home
'';
};
};
};
}

137
systems/x86_64-linux/desktop/sops.nix Executable file
View File

@@ -0,0 +1,137 @@
{ config, ... }:
let
user = "matt";
in
{
# Permission modes are in octal representation (same as chmod),
# the digits represent: user|group|others
# 7 - full (rwx)
# 6 - read and write (rw-)
# 5 - read and execute (r-x)
# 4 - read only (r--)
# 3 - write and execute (-wx)
# 2 - write only (-w-)
# 1 - execute only (--x)
# 0 - none (---)
# Either a user id or group name representation of the secret owner
# It is recommended to get the user name from `config.users.users.<?name>.name` to avoid misconfiguration
# Either the group id or group name representation of the secret group
# It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
sops = {
defaultSopsFile = ../../secrets/desktop-secrets.yaml;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# ------------------------------
# Secrets
# ------------------------------
secrets = {
"desktop/hass_token" = {
mode = "0777";
};
"desktop/matt_password" = {
neededForUsers = true;
mode = "0600";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
};
"desktop/restic/user" = {
mode = "0644";
};
"desktop/restic/password" = {
mode = "0600";
};
"desktop/restic/repo" = {
mode = "0600";
};
"wifi" = {
sopsFile = ../../secrets/secrets.yaml;
};
# ------------------------------
# SSH keys
# ------------------------------
"ssh-keys-public/desktop-nixos" = {
sopsFile = ../../secrets/secrets.yaml;
mode = "0644";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ];
};
"ssh-keys-private/desktop-nixos" = {
sopsFile = ../../secrets/secrets.yaml;
mode = "0600";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ];
};
"ssh-keys-public/desktop-nixos-root" = {
sopsFile = ../../secrets/secrets.yaml;
path = "/root/.ssh/id_ed25519.pub";
mode = "0600";
restartUnits = [ "sshd.service" ];
};
"ssh-keys-private/desktop-nixos-root" = {
sopsFile = ../../secrets/secrets.yaml;
path = "/root/.ssh/id_ed25519";
mode = "0600";
restartUnits = [ "sshd.service" ];
};
# ------------------------------
# Secureboot keys
# ------------------------------
"secureboot/GUID" = {
sopsFile = ../../secrets/secrets.yaml;
path = "/etc/secureboot/GUID";
mode = "0600";
};
"secureboot/keys/db-key" = {
sopsFile = ../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/db/db.key";
mode = "0600";
};
"secureboot/keys/db-pem" = {
sopsFile = ../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/db/db.pem";
mode = "0600";
};
"secureboot/keys/KEK-key" = {
sopsFile = ../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/KEK/KEK.key";
mode = "0600";
};
"secureboot/keys/KEK-pem" = {
sopsFile = ../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/KEK/KEK.pem";
mode = "0600";
};
"secureboot/keys/PK-key" = {
sopsFile = ../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/PK/PK.key";
mode = "0600";
};
"secureboot/keys/PK-pem" = {
sopsFile = ../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/PK/PK.pem";
mode = "0600";
};
};
# ------------------------------
# Templates
# ------------------------------
templates = {
"restic.env" = {
mode = "0600";
content = ''
RESTIC_REST_USER=${config.sops.placeholder."desktop/restic/user"}
RESTIC_REST_PASSWORD=${config.sops.placeholder."desktop/restic/password"}
'';
restartUnits = [
"restic-backups-jallen-nas.service"
"restic-backups-proton-drive.service"
];
};
};
};
}

26
systems/x86_64-linux/desktop/users.nix Normal file
View File

@@ -0,0 +1,26 @@
{ config, lib, pkgs, ... }:
let
user = "matt";
passwordFile = config.sops.secrets."desktop/matt_password".path;
pkgsVersion = pkgs; #.unstable;
in
{
users.users."${user}" = {
isNormalUser = lib.mkDefault true;
extraGroups = [
"wheel"
"keys"
"networkmanager"
"ratbagd"
"input"
"scanner"
"lp"
"video"
"i2c"
]; # Enable sudo for the user.
hashedPasswordFile = passwordFile;
shell = pkgsVersion.zsh;
};
users.users.root.shell = pkgsVersion.zsh;
}

101
systems/x86_64-linux/desktop/wifi-fixer.nix Normal file
View File

@@ -0,0 +1,101 @@
{ lib, pkgs, ... }:
let
fixWifiScript = pkgs.writeScriptBin "fix-wifi" ''
#!/usr/bin/env python3
import subprocess
import socket
import logging
from typing import List, Optional
def check_internet_connection(hosts_to_check: Optional[List[str]] = None) -> bool:
"""
Check internet connectivity by attempting to connect to reliable hosts.
:param hosts_to_check: Optional list of hosts to check.
:return: Boolean indicating if internet connection is available
"""
if hosts_to_check is None:
hosts_to_check = [
"8.8.8.8", # Google DNS
"1.1.1.1", # Cloudflare DNS
"9.9.9.9" # Quad9 DNS
]
for host in hosts_to_check:
try:
# Create a socket connection with a 5-second timeout
socket.create_connection((host, 53), timeout=5)
return True
except (socket.error, socket.timeout):
continue
return False
def reset_wifi_card() -> bool:
"""
Execute WiFi card reset commands.
:return: Boolean indicating if reset commands were successful
"""
reset_commands = [
"echo 1 | sudo -u root tee /sys/bus/pci/devices/0000:09:00.0/reset",
"sudo rmmod iwlwifi",
"sudo modprobe iwlwifi"
]
try:
for command in reset_commands:
result = subprocess.run(
command,
shell=True,
check=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
text=True
)
print(f"Executed: {command}")
print(f"Output: {result.stdout}")
return True
except subprocess.CalledProcessError as e:
print(f"Error resetting WiFi: {e}")
print(f"Error output: {e.stderr}")
return False
def main():
"""
Check internet connection and reset WiFi if not connected.
"""
if not check_internet_connection():
print("No internet connection detected. Attempting WiFi reset...")
reset_wifi_card()
else:
print("Internet connection is stable. No reset needed.")
if __name__ == "__main__":
main()
'';
pkgsVersion = pkgs; #.unstable;
in
{
systemd = {
services = {
fix-wifi = {
enable = lib.mkDefault true;
path = with pkgsVersion; [
bash
python3
networkmanager
kmod
fixWifiScript
];
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = [ "${fixWifiScript}/bin/fix-wifi" ];
};
};
};
};
}