Kernel modules troubleshoot

2025-10-27 07:40:22 +00:00
parent 6f84bdefb4
commit 24a211330a
16 changed files with 350 additions and 106 deletions
@@ -2,7 +2,7 @@
 [Felix Nixos Config](https://github.com/Stunkymonkey/nixos)
-## structure
+## Structure
 ```
 .
@@ -14,10 +14,18 @@
 └── environments     # summarize module collections into single options
 ```
 ## Commands
-## ToDo's:
+```bash
- - [ ] Developer Workbench
+# Rebuild (switch/boot/test) 
- - [ ] Use Disko for drives
+sudo nixos-rebuild switch --flake '.#jupiter'
 - [ ] fully automate installation 
-## usage
+
 # Update Flake
 nix flake update
 # Channel list
 sudo nix-channel --list
 # Channel update
 sudo nix-channel --update
 ```
@@ -21,11 +21,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1736143030,
+        "lastModified": 1759362264,
-        "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
+        "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
+        "rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
        "type": "github"
      },
      "original": {
@@ -55,24 +55,6 @@
        "type": "github"
      }
    },
    "flake-utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1710146030,
        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "git-hooks-nix": {
      "inputs": {
        "flake-compat": [
@@ -109,17 +91,16 @@
        "flake-compat": "flake-compat",
        "flake-parts": "flake-parts_2",
        "git-hooks-nix": "git-hooks-nix",
        "nixfmt": "nixfmt",
        "nixpkgs": "nixpkgs",
        "nixpkgs-23-11": "nixpkgs-23-11",
        "nixpkgs-regression": "nixpkgs-regression"
      },
      "locked": {
-        "lastModified": 1738052114,
+        "lastModified": 1759772381,
-        "narHash": "sha256-OqHJ6mnBh2Ayqr2Sz7FUR2gOzupBBh9zC1DAaj61+OA=",
+        "narHash": "sha256-xhNd/WR6/ZSNEJV+9MnZ31cHbk5NAvCG8j4gV1ucJPo=",
        "owner": "NixOS",
        "repo": "nix",
-        "rev": "fbe2940a08b0f850ee3a01978256b4c4d5906587",
+        "rev": "1e709554d565be51ab8d5a7e4941b0cc1da70807",
        "type": "github"
      },
      "original": {
@@ -128,24 +109,6 @@
        "type": "github"
      }
    },
    "nixfmt": {
      "inputs": {
        "flake-utils": "flake-utils"
      },
      "locked": {
        "lastModified": 1736283758,
        "narHash": "sha256-hrKhUp2V2fk/dvzTTHFqvtOg000G1e+jyIam+D4XqhA=",
        "owner": "NixOS",
        "repo": "nixfmt",
        "rev": "8d4bd690c247004d90d8554f0b746b1231fe2436",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "repo": "nixfmt",
        "type": "github"
      }
    },
    "nixlib": {
      "locked": {
        "lastModified": 1736643958,
@@ -169,11 +132,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1737057290,
+        "lastModified": 1751903740,
-        "narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=",
+        "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453",
+        "rev": "032decf9db65efed428afd2fa39d80f7089085eb",
        "type": "github"
      },
      "original": {
@@ -184,11 +147,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1737751639,
+        "lastModified": 1759582739,
-        "narHash": "sha256-ZEbOJ9iT72iwqXsiEMbEa8wWjyFvRA9Ugx8utmYbpz4=",
+        "narHash": "sha256-spZegilADH0q5OngM86u6NmXxduCNv5eX9vCiUPhOYc=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "dfad538f751a5aa5d4436d9781ab27a6128ec9d4",
+        "rev": "3441b5242af7577230a78ffb03542add264179ab",
        "type": "github"
      },
      "original": {
@@ -199,16 +162,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1734359947,
+        "lastModified": 1756178832,
-        "narHash": "sha256-1Noao/H+N8nFB4Beoy8fgwrcOQLVm9o4zKW1ODaqK9E=",
+        "narHash": "sha256-O2CIn7HjZwEGqBrwu9EU76zlmA5dbmna7jL1XUmAId8=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "48d12d5e70ee91fe8481378e540433a7303dbf6a",
+        "rev": "d98ce345cdab58477ca61855540999c86577d19d",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "release-24.11",
+        "ref": "nixos-25.05-small",
        "repo": "nixpkgs",
        "type": "github"
      }
@@ -231,14 +194,17 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1735774519,
+        "lastModified": 1754788789,
-        "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=",
+        "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
-        "type": "tarball",
+        "owner": "nix-community",
-        "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
+        "repo": "nixpkgs.lib",
        "rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
        "type": "github"
      },
      "original": {
-        "type": "tarball",
+        "owner": "nix-community",
-        "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
+        "repo": "nixpkgs.lib",
        "type": "github"
      }
    },
    "nixpkgs-regression": {
@@ -259,11 +225,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1737885589,
+        "lastModified": 1759381078,
-        "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
+        "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
+        "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
        "type": "github"
      },
      "original": {
@@ -274,11 +240,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1750005367,
+        "lastModified": 1759580034,
-        "narHash": "sha256-h/aac1dGLhS3qpaD2aZt25NdKY7b+JT0ZIP2WuGsJMU=",
+        "narHash": "sha256-YWo57PL7mGZU7D4WeKFMiW4ex/O6ZolUS6UNBHTZfkI=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "6c64dabd3aa85e0c02ef1cdcb6e1213de64baee3",
+        "rev": "3bcc93c5f7a4b30335d31f21e2f1281cba68c318",
        "type": "github"
      },
      "original": {
@@ -296,21 +262,6 @@
        "nixpkgs": "nixpkgs_2",
        "nixpkgs-unstable": "nixpkgs-unstable"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
  "root": "root",
@@ -10,13 +10,14 @@
    ./disks.nix
    ./hardware-configuration.nix
    ./environments.nix
 #    ./network.nix
  ];
  networking.hostName = "jupiter";
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
-  boot.kernelPackages = pkgs.unstable.linuxPackages_latest;
+  boot.kernelPackages = pkgs.linuxPackages;
  # Shitfuck SOnar Dotnet dependency
  nixpkgs.config = {
@@ -31,9 +32,9 @@
  services.openssh.enable = true;
  # Configure keymap in X11
-  services.xserver = {
+  services.xserver.xkb = {
    layout = "de";
-    xkbVariant = "";
+    variant = "";
  };
  # Configure console keymap
@@ -45,6 +46,19 @@
  security.rtkit.enable = true;
  # Try fix wifi disconnect
  networking.networkmanager.wifi.powersave = false;
  # Disable hibernate completely
  powerManagement.enable = true;
  systemd.targets."hibernate".enable = false;
  systemd.targets."hybrid-sleep".enable = false;
  systemd.targets."suspend-then-hibernate".enable = false;
  # Optional: kernel parameter to fully disable hibernation
  boot.kernelParams = [ "nohibernate" ];
  system = {
    stateVersion = "23.05";
    autoUpgrade.enable = true;
@@ -8,11 +8,13 @@ in
    hyprland.enable = false;
    zsh.enable = true;
    apps = {
-      desktop_apps = true;
+      desktop_apps = false;
      dev_apps = false;
      gnome_apps = false;
    };
-    kde-desktop.enable = true;
+    actual.enable = true;
    audiobookshelf.enable = true;
    kde-desktop.enable = false;
    radarr.enable = true;
    docker.enable = true;
    readarr.enable = true;
@@ -21,7 +23,7 @@ in
    jellyseerr.enable = true;
    development.enable = true;
    paperless = {
-      enable = false;
+      enable = true;
      port = 28981; # Optional, to override the default port
      extraConfig = {
        PAPERLESS_ADMIN_USER = "finn";
@@ -33,10 +35,11 @@ in
  my.hardware = {
    bluetooth.enable = true;
-    sound.enable = true;
+    sound.enable = false;
  };
  my.services = {
    vpn.enable = true;
    webserver.enable = false;
  };
 }
@@ -18,7 +18,6 @@
    "xhci_pci"
    "ahci"
    "nvme"
    "usbhid"
  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
@@ -29,7 +28,7 @@
  nixpkgs.config.packageOverrides = pkgs: {
    vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
  };
-  hardware.opengl = {
+  hardware.graphics = {
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver # LIBVA_DRIVER_NAME=iHD
@@ -0,0 +1,10 @@
 _: {
  networking.firewall.allowedTCPPorts = [
    8080 # aria
  ];
  networking = {
    domain = "jupiter.solar.internal";
    search = [ "jupiter.solar.internal" ];
  };
 }
@@ -0,0 +1,35 @@
 # manages and downloads films
 {
  config,
  lib,
  pkgs,
  ...
 }:
 let
  cfg = config.my.profiles.audiobookshelf;
 in
 {
  options.my.profiles.actual = with lib; {
    enable = mkEnableOption "Audio Book Service";
  };
  config = lib.mkIf cfg.enable {
    services.actual = {
      enable = true;
      openFirewall = true;
      settings = {
        port = 40465;
        hostname = "0.0.0.0";
      };
    };
    environment.systemPackages = with pkgs; [
      actual-server
    ];
    systemd.services.actual = {
      after = [ "network-online.target" ];
    };
  };
 }
@@ -0,0 +1,33 @@
 # manages and downloads films
 {
  config,
  lib,
  pkgs,
  ...
 }:
 let
  cfg = config.my.profiles.audiobookshelf;
 in
 {
  options.my.profiles.audiobookshelf = with lib; {
    enable = mkEnableOption "Audio Book Service";
  };
  config = lib.mkIf cfg.enable {
    services.audiobookshelf = {
      enable = true;
      openFirewall = true;
      port = 63834;
      host = "0.0.0.0";
    };
    environment.systemPackages = with pkgs; [
      audiobookshelf
    ];
    systemd.services.audiobookshelf = {
      after = [ "network-online.target" ];
    };
  };
 }
@@ -1,7 +1,9 @@
 { ... }:
 {
  imports = [
    ./actual
    ./apps
    ./audiobookshelf
    ./development
    ./hyprland
    ./zsh
@@ -18,7 +18,7 @@ in
      google-chrome
      vscode
      neovim
-      jetbrains.idea-ultimate
+      # jetbrains.idea-ultimate
      go
      (python3.withPackages (
        ps: with ps; [
@@ -14,10 +14,10 @@ in
  };
  config = lib.mkIf cfg.enable {
-    services.xserver = {
+    services = {
      enable = true;
      displayManager.sddm.enable = true;
-      desktopManager.plasma5.enable = true;
+      displayManager.sddm.wayland.enable = true;
      desktopManager.plasma6.enable = true;
    };
    users.users.finn.packages = with pkgs; [
      # Programms can be added here...
@@ -28,10 +28,8 @@ in
    services.paperless = {
      enable = true;
      address = "0.0.0.0";
      dataDir = "/home/finn/documents/paperless";
      #inherit (cfg) port extraConfig;
      port = cfg.port;
-      extraConfig = cfg.extraConfig;
+#      settings = cfg.extraConfig;
    };
    networking.firewall.allowedTCPPorts = [ cfg.port ];
  };
@@ -12,6 +12,6 @@
    #./yubikey
    ./sound
    #./thunderbolt
-    #./wifi
+    # ./wifi
  ];
 }
@@ -13,8 +13,11 @@ in
  };
  config = lib.mkIf cfg.enable {
-    hardware.pulseaudio.enable = false;
+    services.pulseaudio = {
-    hardware.pulseaudio.support32Bit = true;
+      enable = false;
      support32Bit = true;
    };
    users.extraUsers.finn.extraGroups = [ "audio" ];
    environment.systemPackages = with pkgs; [
      headsetcontrol
@@ -4,5 +4,6 @@
 {
  imports = [
    ./vpn
    ./webserver
  ];
 }
@@ -0,0 +1,187 @@
 # public webserver with reverseproxy
 {
  config,
  lib,
  pkgs,
  ...
 }:
 let
  cfg = config.my.services.webserver;
  inherit (config.networking) domain;
  virtualHostOption = lib.types.submodule {
    options = {
      subdomain = lib.mkOption {
        type = lib.types.str;
        example = "dev";
        description = ''
          Which subdomain, under config.networking.domain, to use
          for this virtual host.
        '';
      };
      port = lib.mkOption {
        type = with lib.types; nullOr port;
        default = null;
        example = 8080;
        description = ''
          Which port to proxy to, through localhost, for this virtual host.
          This option is incompatible with `root`.
        '';
      };
      root = lib.mkOption {
        type = with lib.types; nullOr path;
        default = null;
        example = "/var/www/blog";
        description = ''
          The root folder for this virtual host.  This option is incompatible
          with `port`.
        '';
      };
      extraConfig = lib.mkOption {
        type = with lib.types; nullOr lines;
        example = lib.literalExpression ''
          {
            locations."/socket" = {
              proxyPass = "http://localhost:8096/";
              proxyWebsockets = true;
            };
          }
        '';
        default = null;
        description = ''
          Any extra configuration that should be applied to this virtual host.
        '';
      };
    };
  };
 in
 {
  options.my.services.webserver = {
    enable = lib.mkEnableOption "webserver";
    virtualHosts = lib.mkOption {
      type = lib.types.listOf virtualHostOption;
      default = [ ];
      example = lib.literalExpression ''
        [
          {
            subdomain = "gitea";
            port = 8080;
          }
          {
            subdomain = "dev";
            root = "/var/www/dev";
          }
          {
            subdomain = "jellyfin";
            port = 8096;
            extraConfig = {
              locations."/socket" = {
                proxyPass = "http://localhost:8096/";
                proxyWebsockets = true;
              };
            };
          }
        ]
      '';
      description = ''
        List of virtual hosts to set-up using default settings.
      '';
    };
  };
  config = lib.mkIf cfg.enable {
    assertions = [
      {
        assertion = lib.allUnique (builtins.filter (p: p != null) (map (v: v.port) cfg.virtualHosts));
        message =
          let
            portsWithSubdomains = builtins.filter (v: v.port != null) cfg.virtualHosts;
            duplicates = lib.filter (
              p: builtins.length (lib.filter (x: x.port == p.port) portsWithSubdomains) > 1
            ) portsWithSubdomains;
          in
          if duplicates == [ ] then
            ""
          else
            "Duplicate ports found in my.services.webserver.virtualHosts: "
            + builtins.concatStringsSep ", " (map (v: v.subdomain + ":" + builtins.toString v.port) duplicates);
      }
    ];
    services = {
      nginx.enable = false;
      caddy = {
        enable = true;
        email = "jupiter@solar.internal";
        globalConfig = ''
          servers{
          }
        '';
        extraConfig = ''
          (compress) {
            encode gzip zstd
          }
          (headers) {
            header {
              # enable CORS
              Access-Control-Allow-Origin "https://${config.networking.domain}"
              # disable FLoC tracking
              Permissions-Policy interest-cohort=()
              # enable HSTS
              Strict-Transport-Security max-age=31536000;
              # disable clients from sniffing the media type
              X-Content-Type-Options "nosniff"
              # clickjacking protection
              X-Frame-Options "DENY"
              # enable XSS protection
              X-XSS-Protection "1; mode=block"
              # referrer policy
              Referrer-Policy "strict-origin-when-cross-origin"
            }
          }
          (common) {
            import headers
            import compress
          }
        '';
        virtualHosts =
          let
            mkVHost =
              { subdomain, ... }@args:
              lib.nameValuePair "${subdomain}.${domain}" (
                lib.foldl lib.recursiveUpdate { } [
                  {
                    useACMEHost = domain;
                    extraConfig = ''
                      import common
                      ${lib.optionalString (args.root != null) ''
                        root * ${args.root}
                        file_server
                      ''}
                      ${lib.optionalString (args.port != null) ''
                        reverse_proxy localhost:${toString args.port} {
                          # remove CORS headers from proxied server, because duplicate headers are not allowed
                          # remove after new release: https://github.com/navidrome/navidrome/commit/657fe11f5327ff7a3cb6aa9308b0bb7c71eea5c6
                          header_down -Access-Control-Allow-Origin
                        }
                      ''}
                      ${lib.optionalString (args.extraConfig != null) args.extraConfig}
                    '';
                  }
                ]
              );
          in
          lib.listToAttrs (map mkVHost cfg.virtualHosts);
      };
    };
    networking.firewall.allowedTCPPorts = [
      80
      443
    ];
  };
 }