same as the previous but for workstation

Danilo Reyes 2023-09-08 23:38:24 -06:00
parent 1afa685154
commit 807abf1122
4 changed files with 92 additions and 214 deletions


@ -54,8 +54,6 @@ let
(builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") { (builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") {
config = config.nixpkgs.config; config = config.nixpkgs.config;
}; };
nixGaming = import
(builtins.fetchTarball "https://github.com/fufexan/nix-gaming/archive/master.tar.gz");
jawzManageLibrary = pkgs.writeScriptBin jawzManageLibrary = pkgs.writeScriptBin
"manage-library" (builtins.readFile ./scripts/manage-library.sh); "manage-library" (builtins.readFile ./scripts/manage-library.sh);
jawzTasks = pkgs.writeScriptBin jawzTasks = pkgs.writeScriptBin
@ -76,7 +74,6 @@ imports = [
# ./openldap.nix # ./openldap.nix
# <agenix/modules/age.nix> # <agenix/modules/age.nix>
(import "${home-manager}/nixos") (import "${home-manager}/nixos")
nixGaming.nixosModules.pipewireLowLatency
]; ];
#+end_src #+end_src
@ -93,6 +90,28 @@ Pick *ONLY ONE* of the below networking options.
networking = { networking = {
hostName = "workstation"; hostName = "workstation";
networkmanager.enable = true; networkmanager.enable = true;
extraHosts = ''
192.168.1.64 battlestation
'';
firewall = let
open_firewall_ports = [
6969 # HentaiAtHome
25152 # ssh
51413 # torrent sedding
9091 # qbittorrent
2049 # nfs
];
open_firewall_port_ranges = [
{ from = 1714; to = 1764; } # kdeconnect
];
in
{
enable = true;
allowedTCPPorts = open_firewall_ports;
allowedUDPPorts = open_firewall_ports;
allowedTCPPortRanges = open_firewall_port_ranges;
allowedUDPPortRanges = open_firewall_port_ranges;
};
}; };
#+end_src #+end_src
@ -130,38 +149,12 @@ undesirable packages from installing.
services = { services = {
xserver = { xserver = {
enable = true; enable = true;
displayManager.gdm.enable = true; # displayManager.gdm.enable = true;
desktopManager.gnome.enable = true; # desktopManager.gnome.enable = true;
layout = "us"; layout = "us";
libinput.enable = true; # Wacom required? libinput.enable = true; # Wacom required?
}; };
}; };
environment.gnome.excludePackages = (with pkgs; [
gnome-photos
gnome-tour
gnome-text-editor
gnome-connections
# gnome-shell-extensions
baobab
])
++ (with pkgs.gnome; [
# totem
gedit
gnome-music
epiphany
gnome-characters
yelp
gnome-font-viewer
cheese
]);
# Sets up QT to use adwaita themes.
qt = {
enable = true;
platformTheme = "gnome";
style = "adwaita";
};
#+end_src #+end_src
* SOUND * SOUND
@ -172,17 +165,17 @@ latency will require expanding these settings.
#+begin_src nix #+begin_src nix
hardware.pulseaudio.enable = false; hardware.pulseaudio.enable = false;
sound.enable = false; sound.enable = false;
services.pipewire = { # services.pipewire = {
enable = true; # enable = true;
alsa.enable = true; # alsa.enable = true;
alsa.support32Bit = true; # alsa.support32Bit = true;
pulse.enable = true; # pulse.enable = true;
lowLatency = { # lowLatency = {
enable = true; # enable = true;
quantum = 64; # quantum = 64;
rate = 48000; # rate = 48000;
}; # };
}; # };
#+end_src #+end_src
* SECURITY * SECURITY
@ -240,114 +233,6 @@ Begin the block to install user packages.
packages = (with pkgs; [ packages = (with pkgs; [
#+end_src #+end_src
** GUI PACKAGES
All of my GUI applications categorized to make it easier to identify what each
application does, and the justification for is existence on my system.
*** ART AND DEVELOPMENT
Art and development applications are together, as a game-developer one of my
goals is to create a workflow between this ecosystem of applications.
#+begin_src nix
blender # cgi animation and sculpting
godot # game development
gdtoolkit # gdscript language server
krita # art to your heart desire!
# drawpile # arty party with friends!!
mypaint # not the best art program
mypaint-brushes # but it's got some
mypaint-brushes1 # nice damn brushes
pureref # create inspiration/reference boards
gimp # the coolest bestest art program to never exist
#+end_src
*** GAMING
So far gaming has been a lot less painful than I could have originally
anticipated, most everything seems to run seamlessly.
=note= Roblox uninstalled as there is ongoing drama regarding linux users.
#+begin_src nix
lutris
heroic
wine64Packages.stable
wineWowPackages.stable
winetricks
vulkan-tools
# nixGaming.packages.${pkgs.hostPlatform.system}.wine-tkg
# nixGaming.packages.${pkgs.hostPlatform.system}.wine-discord-ipc-bridge
# grapejuice # roblox manager
minecraft # minecraft official launcher
parsec-bin # remote gaming with friends
protonup-qt # update proton-ge
#+end_src
*** PRODUCTIVITY
This is the section where the apps that help me be productive come, a lot of
this are not used as often as I wish…
#+begin_src nix
libreoffice-fresh # office, but based
calibre # ugly af eBook library manager
foliate # gtk eBook reader
newsflash # feed reader, syncs with nextcloud
wike # gtk wikipedia wow!
unstable.furtherance # I made this one tehee track time utility
gnome.simple-scan # scanner
#+end_src
*** MISC
Most of these apps, are part of the gnome circle, and I decide to install them
if just for a try and play a little.
#+begin_src nix
# sequeler # friendly SQL client
blanket # background noise
# czkawka # duplicate finder
pika-backup # backups
gnome-obfuscate # censor private information
metadata-cleaner # remove any metadata and geolocation from files
gnome-recipes # migrate these to mealie and delete
denaro # manage your finances
# celeste # sync tool for any cloud provider
libgda # for pano shell extension
#+end_src
*** MULTIMEDIA
Overwhelmingly player applications, used for videos and music, while most of my
consumption has moved towards jellyfin, it's still worth the install of most
of these, for now.
#+begin_src nix
celluloid # video player
cozy # audiobooks player
gnome-podcasts # podcast player
handbrake # video converter, may be unnecessary
curtail # image compressor
pitivi # video editor
identity # compare images or videos
mousai # poor man shazam
tagger # tag music files
bottles # wine prefix manager
obs-studio # screen recorder & streamer
shortwave # listen to world radio
nextcloud-client # self-hosted google-drive alternative
#+end_src
*** WEB
Stuff that I use to interact with the web, web browsers, chats, download
managers, etc.
#+begin_src nix
firefox # web browser that allows to disable spyware
tor-browser-bundle-bin # dark web, so dark!
ungoogled-chromium # web browser with spyware included
discord # chat
telegram-desktop # furry chat
# hugo # website engine
nicotine-plus # remember Ares?
warp # never used, but supposedly cool for sharing files
#+end_src
** COMMAND-LINE PACKAGES ** COMMAND-LINE PACKAGES
#+begin_src nix #+begin_src nix
@ -376,8 +261,8 @@ jawzTasks
(writeScriptBin "ffmpreg" (builtins.readFile ./scripts/ffmpreg.sh)) (writeScriptBin "ffmpreg" (builtins.readFile ./scripts/ffmpreg.sh))
(writeScriptBin "chat-dl" (builtins.readFile ./scripts/chat-dl.sh)) (writeScriptBin "chat-dl" (builtins.readFile ./scripts/chat-dl.sh))
(writeScriptBin "split-dir" (builtins.readFile ./scripts/split-dir.sh)) (writeScriptBin "split-dir" (builtins.readFile ./scripts/split-dir.sh))
(writeScriptBin "pika-list" (builtins.readFile ./scripts/pika-list.sh)) # (writeScriptBin "pika-list" (builtins.readFile ./scripts/pika-list.sh))
(writeScriptBin "run" (builtins.readFile ./scripts/run.sh)) # (writeScriptBin "run" (builtins.readFile ./scripts/run.sh))
#+end_src #+end_src
** DEVELOPMENT PACKAGES ** DEVELOPMENT PACKAGES
@ -438,12 +323,6 @@ Themes and other customization, making my DE look the way I want is one of the
main draws of Linux for me. main draws of Linux for me.
#+begin_src nix #+begin_src nix
# Themes
adw-gtk3
# gradience # theme customizer, allows you to modify adw-gtk3 themes
gnome.gnome-tweaks # tweaks for the gnome desktop environment
qgnomeplatform
# Fonts # Fonts
(nerdfonts.override { (nerdfonts.override {
fonts = [ "Agave" "CascadiaCode" "SourceCodePro" fonts = [ "Agave" "CascadiaCode" "SourceCodePro"
@ -515,23 +394,6 @@ symbola
prettybat # trans your sourcecode! prettybat # trans your sourcecode!
#+end_src #+end_src
** GNOME EXTENSIONS
#+begin_src nix
]) ++ (with pkgs.gnomeExtensions; [
appindicator # applets for open applications
gsconnect # sync data and notifications from your phone
freon # hardware temperature monitor
panel-scroll # scroll well to change workspaces
reading-strip # like putting a finger on every line I read
tactile # window manager
pano # clipboard manager
blur-my-shell # make the overview more visually appealing
# burn-my-windows
# forge # window manager
# ]) ++ (with unstable.pkgs.gnomeExtensions; [
#+end_src
** NODEJS PACKAGES ** NODEJS PACKAGES
#+begin_src nix #+begin_src nix
@ -611,9 +473,8 @@ if command -v fzf-share >/dev/null; then
fi fi
nixos-reload () { nixos-reload () {
nix-store --add-fixed sha256 /home/jawz/Development/NixOS/scripts/PureRef-1.11.1_x64.Appimage nixfmt /home/jawz/Development/NixOS/workstation/*.nix
nixfmt /home/jawz/Development/NixOS/*.nix sudo nixos-rebuild switch -I nixos-config=/home/jawz/Development/NixOS/workstation/configuration.nix
sudo nixos-rebuild switch -I nixos-config=/home/jawz/Development/NixOS/configuration.nix
} }
#+end_src #+end_src
#+begin_src nix #+begin_src nix
@ -826,14 +687,6 @@ programs = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
}; };
geary = {
enable = true;
};
steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
};
msmtp = { msmtp = {
enable = true; enable = true;
accounts.default = { accounts.default = {
@ -916,7 +769,7 @@ systemd = {
user = { user = {
services = { services = {
HentaiAtHome = { HentaiAtHome = {
enable = false; enable = true;
restartIfChanged = true; restartIfChanged = true;
description = "Run hentai@home server"; description = "Run hentai@home server";
wantedBy = [ "default.target" ]; wantedBy = [ "default.target" ];
@ -1006,32 +859,6 @@ systemd = {
}; };
#+end_src #+end_src
* FIREWALL
Open ports in the firewall.
=TIP= list what app a port belongs to in a table.
#+begin_src nix
networking = {
firewall = let
open_firewall_ports = [
6969 # HentaiAtHome
25152 # ssh
51413 # torrent
];
open_firewall_port_ranges = [
{ from = 1714; to = 1764; } # kdeconnect
];
in
{
enable = true;
allowedTCPPorts = open_firewall_ports;
allowedUDPPorts = open_firewall_ports;
allowedTCPPortRanges = open_firewall_port_ranges;
allowedUDPPortRanges = open_firewall_port_ranges;
};
};
#+end_src
* MISC SETTINGS * MISC SETTINGS
** ENABLE FONTCONFIG ** ENABLE FONTCONFIG
If enabled, a Fontconfig configuration file will point to a set of default If enabled, a Fontconfig configuration file will point to a set of default
@ -1045,6 +872,39 @@ setting.
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
#+end_src #+end_src
** NFS
#+begin_src nix
fileSystems = {
"/export/disk1" = {
device = "/mnt/disk1";
options = ["bind"];
};
"/export/disk2" = {
device = "/mnt/disk2";
options = ["bind"];
};
"/export/seedbox" = {
device = "/mnt/seedbox";
options = ["bind"];
};
"/export/jawz" = {
device = "/home/jawz";
options = ["bind"];
};
};
services.nfs = {
server = {
enable = true;
exports = ''
/export 192.168.1.64(rw,fsid=0,no_subtree_check)
/export/disk1 192.168.1.64(rw,nohide,insecure,no_subtree_check)
/export/disk2 192.168.1.64(rw,nohide,insecure,no_subtree_check)
/export/seedbox 192.168.1.64(rw,nohide,insecure,no_subtree_check)
/export/jawz 192.168.1.64(rw,nohide,insecure,no_subtree_check)
'';
};
};
#+end_src
* FINAL SYSTEM CONFIGURATIONS * FINAL SYSTEM CONFIGURATIONS
The first setting creates a copy the NixOS configuration file and link it from The first setting creates a copy the NixOS configuration file and link it from
the resulting system (/run/current-system/configuration.nix). This is useful in the resulting system (/run/current-system/configuration.nix). This is useful in
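Review bot: The new NFS block exports `/home/jawz` and three disks read-write with the `insecure` option, and the firewall list added under `networking` opens 2049 and 9091 to every source address on both TCP and UDP. The export lines limit clients to 192.168.1.64, but that is only an address check, and `insecure` also accepts requests from unprivileged source ports, so any user or process on that host can talk to these exports directly. I would drop `insecure` unless the client really needs it, e.g. `/export/jawz 192.168.1.64(rw,nohide,no_subtree_check)`, and keep 2049 out of `allowedUDPPorts`, since the `fsid=0` root suggests NFSv4, which runs over TCP. If 9091 is a web UI it presumably needs TCP only; a comment naming which peers need each port would make the list easier to audit.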


@ -6,7 +6,9 @@
let let
localhost = "127.0.0.1"; localhost = "127.0.0.1";
battlestation = "192.168.1.64";
jellyfinPort = "8096"; jellyfinPort = "8096";
gptPort = "7860";
nextcloudPort = 80; nextcloudPort = 80;
searxPort = 8080; searxPort = 8080;
newflixPort = 8897; newflixPort = 8897;
@ -108,6 +110,13 @@ in {
"vault.servidos.lat" = proxy vaultPort // { }; "vault.servidos.lat" = proxy vaultPort // { };
"searx.servidos.lat" = proxy searxPort // { }; "searx.servidos.lat" = proxy searxPort // { };
"qampqwn4wprhqny8h8zj.servidos.lat" = proxy secretFlamePort // { }; "qampqwn4wprhqny8h8zj.servidos.lat" = proxy secretFlamePort // { };
"6fxAtnPxEeI8hN.servidos.lat" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = { proxyPass = "http://${battlestation}:${gptPort}"; };
};
};
"flix.servidos.lat" = { "flix.servidos.lat" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
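Review bot: The new `6fxAtnPxEeI8hN.servidos.lat` vhost has no access control of its own and relies on the hostname being hard to guess, but `enableACME = true` requests a public certificate, and issued certificates are published in Certificate Transparency logs, so the name becomes discoverable. Whatever listens on `${battlestation}:${gptPort}` is then reachable from the internet with only its own authentication, if it has any. I would add `basicAuthFile = "/path/to/htpasswd";` (placeholder path) to the vhost, or, if remote access is not needed, restrict the location with something like `extraConfig = "allow 192.168.1.0/24; deny all;";` (subnet inferred from the `battlestation` address, adjust as needed). The same reasoning applies to the existing `qampqwn4wprhqny8h8zj.servidos.lat` entry in the context lines.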


@ -5,7 +5,7 @@
# for a domain to your external IP address # for a domain to your external IP address
# namecheap # namecheap
hostnames=(cloud @) hostnames=(cloud @ 6fxAtnPxEeI8hN)
domain=rotehaare.art domain=rotehaare.art
password=60d672be5d9d4828a0f96264babe0ac1 password=60d672be5d9d4828a0f96264babe0ac1
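Review bot: The added `6fxAtnPxEeI8hN` entry is registered under `domain=rotehaare.art`, while the vhost added elsewhere in this commit is `6fxAtnPxEeI8hN.servidos.lat`, so unless another updater covers servidos.lat the new vhost's ACME challenge may have no record to resolve; worth confirming. Separately, the `password=` line directly below keeps the dynamic-DNS credential in the repository in plain text. Reading it from a root-only file, e.g. `password=$(< /path/to/ddns-secret)` (placeholder path), and rotating the current value would be safer. The rest of the script lies outside this hunk.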


@ -252,4 +252,13 @@ in {
}; };
}; };
}; };
networking = {
firewall = let open_firewall_ports = [ config.services.paperless.port ];
in {
enable = true;
allowedTCPPorts = open_firewall_ports;
allowedUDPPorts = open_firewall_ports;
};
};
} }
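Review bot: `allowedUDPPorts = open_firewall_ports;` opens the paperless port for UDP as well, though the paperless web interface is served over HTTP/TCP, so the UDP rule only widens the exposed surface. Dropping that line and writing `allowedTCPPorts = [ config.services.paperless.port ];` directly would be enough. If this instance is meant to be reached only through a reverse proxy, the port may not need opening at all, which I can't tell from this hunk. The enclosing attribute set starts outside the hunk.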