27 KiB
Executable File
JawZ NixOS server configuration
[0/6]- DECLARATION
- SYSTEM CONFIGURATION
- DISPLAY MANAGER
- SOUND
- SECURITY
- NIXPKGS SETTINGS
- NORMAL USERS
- USER PACKAGES
- HOME-MANAGER
- ENVIRONMENT
- SNAPRAID
- PROGRAMS
- SERVICES
- SYSTEMD
- FONTCONFIG
- HARDWARE
- CLOSE SYSTEM
TODO
[0/6]
-
System configurations
[0/8]- fail2ban
-
Misc
[0/3]- Figure out how to get rid of xterm
DECLARATION
Here I will declare the dependencies and variables that will be used multiple times through the config file, such as the current version of NixOS, repositories and even some scripts that will be reused on systemd configurations.
- version: used by both NixOS and home-manager to dictate the state repository from which to pull configurations, modules and packages.
- myEmail myName: used by git and acme
- cpuArchitecture: used by NixOS to optimize the compiled binaries to my current CPU specifications.
- home-manager: the channel containing the packages matching the NixOS state version, with a commented out to the unstable master.
- unstable: a sort of overlay that allows to prepend "unstable" to a package, to pull from the unstable channel rather than precompiled binaries on a case by case use.
- jawz*: scripts that will be reused multiple times through the config, such as on systemd, and as such this feels like a safe way to compile them only once.
{ config, pkgs, lib, ... }:
let
version = "23.05";
myEmail = "CaptainJawZ@outlook.com";
myName = "Danilo Reyes";
cpuArchitecture = "skylake";
home-manager = builtins.fetchTarball
# "https://github.com/nix-community/home-manager/archive/master.tar.gz";
"https://github.com/nix-community/home-manager/archive/release-${version}.tar.gz";
unstable = import
(builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") {
config = config.nixpkgs.config;
};
jawzManageLibrary = pkgs.writeScriptBin
"manage-library" (builtins.readFile ../scripts/manage-library.sh);
jawzTasks = pkgs.writeScriptBin
"tasks" (builtins.readFile ../scripts/tasks.sh);
in
{ # Remember to close this bracket at the end of the documentThese are files and modules which get loaded onto the configuration file, in the future I may segment this file into different modules once it becomes too cluttered, for example, I may create a module for systemd units.
- agenix: an encryption system which cleans up the nix-configuration files from
passwords and other secrets.
imports = [
./hardware-configuration.nix
./servers.nix
# ./openldap.nix
# <agenix/modules/age.nix>
(import "${home-manager}/nixos")
];SYSTEM CONFIGURATION
NETWORKING
Sets sensible networking options, such as setting up a hostname, and creating a hosts file with the static IP and hostname of other devices on my network.
Also open ports on the firewall for LAN connectivity, and well keeping commented what each port does, I declared the firwewall ports with variables, because I can not be bothered to figure out whether I need TCP or UDP so let's open both, and repetition is maddening.
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
networking = {
useDHCP = lib.mkDefault true;
enableIPv6 = false;
hostName = "server";
networkmanager.enable = true;
extraHosts = ''
192.168.1.64 workstation
'';
firewall = let
open_firewall_ports = [
6969 # HentaiAtHome
51413 # torrent sedding
9091 # qbittorrent
2049 # nfs
];
open_firewall_port_ranges = [ ];
in
{
enable = true;
allowedTCPPorts = open_firewall_ports;
allowedUDPPorts = open_firewall_ports;
allowedTCPPortRanges = open_firewall_port_ranges;
allowedUDPPortRanges = open_firewall_port_ranges;
};
};TIMEZONE & LOCALE
For some reason, useXkbConfig throws an error when building the system, either way it is an unnecessary setting as my keyboards are the default en_US, only locale set to Canadian out because I prefer how it displays the date. LC_MONETARY, it's also a personal preference.
time.timeZone = "America/Mexico_City";
i18n = {
defaultLocale = "en_CA.UTF-8";
extraLocaleSettings = {
LC_MONETARY = "es_MX.UTF-8";
};
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
};SYSTEM/NIX CONFIGURATIONS
The first setting creates a copy the NixOS configuration file and link it from the resulting system (/run/current-system/configuration.nix). This is useful in case you accidentally delete configuration.nix.
The version value determines the NixOS release from which the default settings for stateful data, like file locations and database versions on your system. It‘s perfectly fine and recommended to leave this value at the release version of the first install of this system.
Lastly I configure in here cachix repositories, which is a website that keeps a cache of nixbuilds for easy quick deployments without having to compile everything from scratch.
- gc: automatically garbage-collects.
- auto-optimise-store: hard-links binaries whenever possible.
- system-features: features present on compiling time.
system = {
copySystemConfiguration = true;
stateVersion = "${version}";
};
nix = let featuresList = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
"gccarch-${cpuArchitecture}"
"gccarch-znver3"
];
in {
gc = {
automatic = true;
dates = "weekly";
};
buildMachines = [ {
hostName = "workstation";
system = "x86_64-linux";
sshUser = "nixremote";
maxJobs = 14;
speedFactor = 1;
supportedFeatures = featuresList;
} ];
distributedBuilds = true;
settings = {
cores = 6;
auto-optimise-store = true;
system-features = featuresList;
substituters = [
"https://nix-gaming.cachix.org"
"https://nixpkgs-python.cachix.org"
"https://devenv.cachix.org"
"https://cuda-maintainers.cachix.org"
];
trusted-public-keys = [
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
"nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU="
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
];
};
};DISPLAY MANAGER
Rather than having the server be completely headless, temporarily I'm enabling xfce as a minimal display manager.
services = {
xserver = {
enable = true;
displayManager.defaultSession = "xfce";
videoDrivers = [ "nvidia" ];
desktopManager = {
xfce.enable = true;
xterm.enable = false;
};
layout = "us";
};
};SOUND
In order to avoid issues with PipeWire, the wiki recommends to disable pulseaudio. This is a basic PipeWire configuration that can support alsa/pulse backends.
hardware.pulseaudio.enable = false;
sound.enable = false;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};SECURITY
Disabled password in sudo for commodity, but this is obviously not recommended, regarding rkit, that setting enables pipewire to run with real-time capabilities. And lastly, the acme settings are for signing certificates.
The pam limits exists so NixOS can compile the entire system without running into "Too many files open" errors.
security = {
acme = {
acceptTerms = true;
defaults.email = myEmail;
};
rtkit.enable = true;
sudo = {
enable = true;
wheelNeedsPassword = false;
};
pam.loginLimits = [{
domain = "*";
type = "soft";
item = "nofile";
value = "8192";
}];
};NIXPKGS SETTINGS
Allow non-free, sadly is a requirement for some of my drivers, besides that, here is a good place to declare some package overrides as well as permit unsafe packages.
localSystem allows me to compile the entire operating system optimized to my CPU architecture and other build flags.
note if using gcc.arch flags, comment out hostPlatform and viceversa.
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config.allowUnfree = true;
# localSystem = {
# gcc.arch = cpuArchitecture;
# gcc.tune = cpuArchitecture;
# system = "x86_64-linux";
# };
};NORMAL USERS
Being part of the "wheel" group, means that the user has root privileges. The piracy.gid is so I have read/write access permissions on all the hard drives split among my multiple systems, the rest of the groups are self explanatory.
- nixremote: is a low-privilege user set exclusively with the intention to be a proxy to build the nix-store remotely.
users = {
groups.nixremote = {
name = "nixremote";
gid = 555;
};
users.nixremote = {
isNormalUser = true;
createHome = true;
group = "nixremote";
home = "/var/nixremote/";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN6HsajaTL+nTJtSIu00M5WJwgt/7fyU59gBr2R7tbnv root@server"
];
};
};
users.users.jawz = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "docker"
"scanner" "lp" "piracy" "kavita"
"render" "video"
];
initialPassword = "password";
openssh = {
authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacero\cdreyes@100CDREYES"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKDXxfFRSgII4w/S1mrekPQdfXNifqRxwJa0wpQo72wB jawz@workstation"
];
};This section of the document categorizes and organizes all he packages that I want installed, attempting to group them as dependencies of others when necessary.
USER PACKAGES
This section of the document categorizes and organizes all he packages that I want installed, attempting to group them as dependencies of others when necessary.
Begin the block to install user packages.
packages = (with pkgs; [cli and tui packages, which on their own right are as or more powerful than the packages on the previous section.
note exa is no longer maintained, and will soon be replaced by eza, a maintained
fork.
HUNSPELL
These dictionaries work with Firefox, Doom Emacs and LibreOffice.
hunspell
hunspellDicts.it_IT
hunspellDicts.es_MX
hunspellDicts.en_CACUSTOMIZATION PACKAGES
Themes and other customization, making my DE look the way I want is one of the main draws of Linux for me.
# Fonts
(nerdfonts.override {
fonts = [ "Agave" "CascadiaCode" "SourceCodePro"
"Ubuntu" "FiraCode" "Iosevka" ];
})
symbolaCOMMAND-LINE PACKAGES
unstable.yt-dlp # downloads videos from most video websites
unstable.gallery-dl # similar to yt-dlp but for most image gallery websites
fd # modern find, faster searches
fzf # fuzzy finder! super cool and useful
gdu # disk-space utility, somewhat useful
du-dust # rusty du
trashy # oop! didn't meant to delete that
unstable.eza # like ls but with colors
rmlint # probably my favourite app, amazing dupe finder that integrates well with BTRFSMY SCRIPTS
Here I compile my own scripts into binaries
jawzManageLibrary
jawzTasks
(writeScriptBin "ffmpeg4discord" (builtins.readFile ../scripts/ffmpeg4discord.py))
(writeScriptBin "ffmpreg" (builtins.readFile ../scripts/ffmpreg.sh))
(writeScriptBin "chat-dl" (builtins.readFile ../scripts/chat-dl.sh))
(writeScriptBin "split-dir" (builtins.readFile ../scripts/split-dir.sh))
(writeScriptBin "pika-list" (builtins.readFile ../scripts/pika-list.sh))
(writeScriptBin "run" (builtins.readFile ../scripts/run.sh))DEVELOPMENT PACKAGES
Assorted development packages and libraries, categorized by languages.
# required (optionally) by doom emacs, but still are rather useful
tree-sitter # code parsing based on symbols and shit, I do not get it
graphviz # graphs
tetex
# languagetool # proofreader for English
# these two are for doom everywhere
xorg.xwininfo
xdotool
xclip
tldr # man for retards
exercism # learn to code
# SH
bats # testing system, required by Exercism
bashdb # autocomplete
shellcheck # linting
shfmt # a shell parser and formatter
# NIX
expect # keep color when nom'ing
nix-output-monitor # autistic nix builds
nixfmt # linting
cachix # why spend time compiling?
# PYTHON.
python3 # base language
pipenv # python development workflow for humans
# poetry # dependency management made easy
# C# & Rust
# omnisharp-roslyn # c# linter and code formatter
# HASKELL
# cabal-install # haskell interface
# JS
nodejs # not as bad as I thoughtPYTHON
]) ++ (with pkgs.python3Packages; [
flake8 # wraper for pyflakes, pycodestyle and mccabe
isort # sort Python imports
nose # testing and running python scripts
pyflakes # checks source code for errors
pytest # framework for writing tests
speedtest-cli # check internet speed from the comand line
editorconfig # follow rules of contributin
black # Python code formatter
pylint # bug and style checker for python
(buildPythonApplication rec {
pname = "download";
version = "1.5";
src = ../scripts/download/.;
doCheck = false;
buildInputs = [ setuptools ];
propagatedBuildInputs =
[ pyyaml types-pyyaml ];
})
(buildPythonApplication rec {
pname = "ffpb";
version = "0.4.1";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-7eVqbLpMHS1sBw2vYS4cTtyVdnnknGtEI8190VlXflk=";
};
doCheck = false;
buildInputs = [ setuptools ];
propagatedBuildInputs =
[ tqdm ];
})
# (buildPythonApplication rec {
# pname = "qbit_manage";
# version = "4.0.3";
# src = fetchPypi {
# inherit pname version;
# sha256 = "sha256-7eVqbLpMHS1sBw2vYS4cTtyVdnnknGtEI8190VlXflk=";
# };
# doCheck = true;
# buildInputs = [ setuptools ];
# propagatedBuildInputs =
# [ gitpython requests retrying ruamel-yaml schedule unstable.qbittorrent-api ];
# })NODEJS PACKAGES
Mostly language servers and linters.
]) ++ (with pkgs.nodePackages; [
# Language servers
dockerfile-language-server-nodejs
yaml-language-server
bash-language-server
vscode-json-languageserver
pyright
markdownlint-cli # Linter
prettier # Linter
pnpm # Package managerCLOSING USER PACKAGES
]); }; # <--- end of package listHOME-MANAGER
HOME-MANAGER SETTINGS
These make it so packages install to '/etc' rather than the user home directory, also allow for upgrades when rebuilding the system.
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
users.jawz = { config, pkgs, ... }:{
home.stateVersion = "${version}";DOTFILES
I opted out of using home-manager to declare my package environment, and instead I use it exclusively for setting up my dotfiles.
BASH
Declares my .bashrc file, and sets up some environment and functions.
programs.bash = {
enable = true;
historyFile = "\${XDG_STATE_HOME}/bash/history";
historyControl = [ "erasedups" "ignorespace" ];
shellAliases = {
hh = "hstr";
ls = "eza --icons --group-directories-first";
edit = "emacsclient -t";
comic = "download -u jawz -i \"$(cat $LC | fzf --multi --exact -i)\"";
gallery = "download -u jawz -i \"$(cat $LW | fzf --multi --exact -i)\"";
cp = "cp -i";
mv = "mv -i";
mkcd = "mkdir -pv \"$1\" && cd \"$1\" || exit";
mkdir = "mkdir -p";
rm = "trash";
".." = "cd ..";
"..." = "cd ../..";
".3" = "cd ../../..";
".4" = "cd ../../../..";
".5" = "cd ../../../../..";
dl = "download -u jawz -i";
e = "edit";
c = "cat";
f = "fzf --multi --exact -i";
sc = "systemctl --user";
jc = "journalctl --user -xefu";
open-gallery = "cd /mnt/disk2/scrapping/JawZ/gallery-dl && xdg-open $(fd . ./ Husbands -tdirectory -d 1 | fzf -i)\"";
unique-extensions = "fd -tf | rev | cut -d. -f1 | rev | tr '[:upper:]' '[:lower:]' | sort | uniq --count | sort -rn";
};
enableVteIntegration = true;
initExtra = ''
$HOME/.local/bin/pokemon-colorscripts -r --no-title
# Lists
list_root="${config.xdg.configHome}"/jawz/lists/jawz
export LW=$list_root/watch.txt
export LI=$list_root/instant.txt
export LC=$list_root/comic.txt
export command_timeout=30
if command -v fzf-share >/dev/null; then
source "$(fzf-share)/key-bindings.bash"
source "$(fzf-share)/completion.bash"
fi
nixos-reload () {
nixfmt /home/jawz/Development/NixOS/server/*.nix
sudo nixos-rebuild switch -I nixos-config=/home/jawz/Development/NixOS/server/configuration.nix
}
'';
};XDG
Configurations for XDG directories, as well as installing dotfiles from the sub-directory on this repository.
xdg = {
enable = true;
userDirs = {
enable = true;
createDirectories = false;
desktop = "${config.home.homeDirectory}";
documents = "${config.home.homeDirectory}/Documents";
download = "${config.home.homeDirectory}/Downloads";
music = "${config.home.homeDirectory}/Music";
pictures = "${config.home.homeDirectory}/Pictures";
templates = "${config.xdg.dataHome}/Templates";
videos = "${config.home.homeDirectory}/Videos";
};
configFile = {
"wgetrc".source = ../dotfiles/wget/wgetrc;
"configstore/update-notifier-npm-check.json".source = ../dotfiles/npm/update-notifier-npm-check.json;
"npm/npmrc".source = ../dotfiles/npm/npmrc;
"gallery-dl/config.json".source = ../dotfiles/gallery-dl/config.json;
"htop/htoprc".source = ../dotfiles/htop/htoprc;
};
};HOME-MANAGER PROGRAMS
Program declarations that are exclusive to home-manager, declaring packages this way allows for extra configuration and integration beyond installing the packages on the user environment, it's the only exception I make to installing packages through home-manager.
programs = {
hstr.enable = true;
emacs.enable = true;
direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
};
bat = {
enable = true;
config = {
pager = "less -FR";
theme = "base16";
};
extraPackages = with pkgs.bat-extras; [
batman # man pages
batpipe # piping
batgrep # ripgrep
batdiff # this is getting crazy!
batwatch # probably my next best friend
prettybat # trans your sourcecode!
];
};
git = {
enable = true;
userName = "${myName}";
userEmail = "${myEmail}";
};
htop = {
enable = true;
package = pkgs.htop-vim;
};
};HOME-MANAGER USER-SERVICES
Lorri helps optimize emacs compilations, and the declaring emacs as a service through home-manager fixes the bug where emacs loads so quickly that can not connect to a graphic environment unless restarting the systemd service.
services = {
lorri.enable = true;
emacs = {
enable = true;
defaultEditor = true;
package = pkgs.emacs;
};
};CLOSING HOME-MANAGER
}; };ENVIRONMENT
These are a MUST to ensure the optimal function of nix, without these, recovery may be challenging.
The environment.etc block allows for bluetooth devices to control volume, pause, and other things through the headset controls.
Declare environment variables whose function is mostly to clear-up the $HOME directory from as much bloat as possible, as well as some minor graphical tweaks some applications use.
environment = {
systemPackages = with pkgs; [
wget
jellyfin-ffmpeg # coolest video converter!
dlib
];
variables = rec {
# PATH
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
XDG_STATE_HOME = "\${HOME}/.local/state";
# DEV PATH
CABAL_DIR = "${XDG_CACHE_HOME}/cabal";
CARGO_HOME = "${XDG_DATA_HOME}/cargo";
GEM_HOME = "${XDG_DATA_HOME}/ruby/gems";
GEM_PATH = "${XDG_DATA_HOME}/ruby/gems";
GEM_SPEC_CACHE = "${XDG_DATA_HOME}/ruby/specs";
GOPATH = "${XDG_DATA_HOME}/go";
NPM_CONFIG_USERCONFIG = "${XDG_CONFIG_HOME}/npm/npmrc";
PNPM_HOME = "${XDG_DATA_HOME}/pnpm";
PSQL_HISTORY="${XDG_DATA_HOME}/psql_history";
REDISCLI_HISTFILE="${XDG_DATA_HOME}/redis/rediscli_history";
WINEPREFIX="${XDG_DATA_HOME}/wine";
# OPTIONS
HISTFILE = "${XDG_STATE_HOME}/bash/history";
LESSHISTFILE = "-";
GHCUP_USE_XDG_DIRS = "true";
RIPGREP_CONFIG_PATH = "${XDG_CONFIG_HOME}/ripgrep/ripgreprc";
ELECTRUMDIR = "${XDG_DATA_HOME}/electrum";
VISUAL = "emacsclient -ca emacs";
WGETRC = "${XDG_CONFIG_HOME}/wgetrc";
XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
DOCKER_CONFIG="${XDG_CONFIG_HOME}/docker";
# NVIDIA
CUDA_CACHE_PATH = "${XDG_CACHE_HOME}/nv";
# Themes
# WEBKIT_DISABLE_COMPOSITING_MODE = "1";
CALIBRE_USE_SYSTEM_THEME = "1";
PATH = [
"\${HOME}/.local/bin"
"\${XDG_CONFIG_HOME}/emacs/bin"
"\${XDG_DATA_HOME}/npm/bin"
"\${XDG_DATA_HOME}/pnpm"
];
};
};SNAPRAID
It's a parity raid utility which creates a scheme similar to what UNRAID offered, except not in real time, I schedule it to run every night, so it keeps my files sync, while it is possible to use snapraid as a solution to keep a historic backup of your files, I am more concerned with the whole disk recovery in case of failure, as such a frequent sync fits my preferences.
snapraid = {
enable = true;
touchBeforeSync = true;
sync.interval = "02:00";
scrub = {
plan = 10;
olderThan = 10;
interval = "4:00";
};
parityFiles = [
"/mnt/parity/snapraid.parity"
];
extraConfig = ''
autosave 5000
'';
exclude = [
"/tmp/"
"/lost+found/"
"/multimedia/downloads/"
"/scrapping/nextcloud/"
"/backups/"
"/glue/Spankbank/____UNORGANIZED/Chaturbate/"
"/nextcloud/nextcloud.log"
];
dataDisks = {
d1 = "/mnt/disk1/";
d2 = "/mnt/disk2/";
};
contentFiles = [
"/var/snapraid.content"
"/mnt/disk1/snapraid.content"
"/mnt/disk2/snapraid.content"
];
};PROGRAMS
Some programs get enabled and installed through here, as well as the activation of some services.
programs = {
starship.enable = true;
fzf.fuzzyCompletion = true;
neovim = {
enable = true;
vimAlias = true;
};
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
msmtp = {
enable = true;
accounts.default = {
auth = true;
host = "smtp.gmail.com";
port = 587;
tls = true;
from = "stunner6399@gmail.com";
user = "stunner6399@gmail.com";
password = "eqyctcgjdykqeuwt";
};
};
};SERVICES
Miscellaneous services, most of which are managed by systemd.
- minidlna: allows me to watch my media on my tv.
- avahi: allows to discover/connect to devices through their hostname on the same network.
- fstrim/btrfs: file-system services.
- psd: profile-sync-daemon, loads the chrome/firefox profile to ram.
services = {
minidlna = {
enable = true;
openFirewall = true;
settings = {
inotify = "yes";
media_dir = [
"/mnt/disk2/glue"
"/mnt/seedbox/glue"
"/mnt/disk1/multimedia/downloads"
];
};
};
avahi = {
enable = true;
nssmdns = true;
};
fstrim.enable = true;
btrfs.autoScrub = {
enable = true;
fileSystems = [
"/"
"/mnt/disk1"
"/mnt/disk2"
];
};
openssh = {
enable = true;
openFirewall = true;
startWhenNeeded = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
};SYSTEMD
Home-manager, is not as flushed out when it comes to creating systemd units, so the best way to define them for now, is using nix.
systemd = {
packages = [ pkgs.qbittorrent-nox ];
services = {
"qbittorrent-nox@jawz" = {
enable = true;
overrideStrategy = "asDropin";
wantedBy = [ "multi-user.target" ];
};
};
timers = { };
user = {
services = {
HentaiAtHome = {
enable = true;
restartIfChanged = true;
description = "Run hentai@home server";
wantedBy = [ "default.target" ];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
WorkingDirectory="/mnt/hnbox";
ExecStart = "${pkgs.HentaiAtHome}/bin/HentaiAtHome";
};
};
unpackerr = {
enable = true;
restartIfChanged = true;
description = "Run unpackerr";
wantedBy = [ "default.target" ];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${pkgs.unpackerr}/bin/unpackerr -c /home/jawz/.config/unpackerr.conf";
};
};
manage-library = {
enable = true;
restartIfChanged = true;
description = "Run the manage library bash script";
wantedBy = [ "default.target" ];
path = [
pkgs.bash
pkgs.nix
jawzManageLibrary
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${jawzManageLibrary}/bin/manage-library";
};
};
tasks = {
restartIfChanged = true;
description = "Run a tasks script which keeps a lot of things organized";
wantedBy = [ "default.target" ];
path = [
pkgs.bash
pkgs.nix
jawzTasks
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${jawzTasks}/bin/tasks";
};
};
qbit_manage = let qbit_dir = "/home/jawz/Development/Git/qbit_manage"; in {
restartIfChanged = true;
description = "Tidy up my torrents";
wantedBy = [ "default.target" ];
path = [
pkgs.python3
pkgs.pipenv
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${qbit_dir}/.venv/bin/python3 ${qbit_dir}/qbit_manage.py -r -c ${qbit_dir}/config.yml";
};
};
};
timers = {
tasks = {
enable = true;
description = "Run a tasks script which keeps a lot of things organized";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*:0/10";
};
};
qbit_manage = {
enable = true;
description = "Tidy up my torrents";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*:0/10";
};
};
};
};
};FONTCONFIG
If enabled, a Fontconfig configuration file will point to a set of default
fonts. If you don not care about running X11 applications or any other program
that uses Fontconfig, you can turn this option off and prevent a dependency on
all those fonts.
tip once that Wayland is ready for deployment, I probably can remove this
setting.
fonts.fontconfig.enable = true;HARDWARE
Computer-specific hardware settings. The power management settings are defaulted to "performance".
- nvidia: GPU drivers.
- cpu.intel: microcode patches.
hardware = {
nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
};
cpu.intel.updateMicrocode = lib.mkDefault true;
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
};CLOSE SYSTEM
}