finn.markwitz/nixos
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Kernel modules troubleshoot

Browse Source
This commit is contained in:
Finn Markwitz
2025-10-27 07:40:22 +00:00
parent 6f84bdefb4
commit 24a211330a
16 changed files with 350 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+14 -6
View File
@@ -2,7 +2,7 @@
[Felix Nixos Config](https://github.com/Stunkymonkey/nixos)
## structure
## Structure
```
.
@@ -14,10 +14,18 @@
└── environments # summarize module collections into single options
```
## Commands
## ToDo's:
- [ ] Developer Workbench
- [ ] Use Disko for drives
- [ ] fully automate installation
```bash
# Rebuild (switch/boot/test)
sudo nixos-rebuild switch --flake '.#jupiter'
## usage
# Update Flake
nix flake update
# Channel list
sudo nix-channel --list
# Channel update
sudo nix-channel --update
```
flake.lock
Generated
+31 -80
View File
@@ -21,11 +21,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1736143030,
"narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
"lastModified": 1759362264,
"narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
"rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
"type": "github"
},
"original": {
@@ -55,24 +55,6 @@
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"git-hooks-nix": {
"inputs": {
"flake-compat": [
@@ -109,17 +91,16 @@
"flake-compat": "flake-compat",
"flake-parts": "flake-parts_2",
"git-hooks-nix": "git-hooks-nix",
"nixfmt": "nixfmt",
"nixpkgs": "nixpkgs",
"nixpkgs-23-11": "nixpkgs-23-11",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1738052114,
"narHash": "sha256-OqHJ6mnBh2Ayqr2Sz7FUR2gOzupBBh9zC1DAaj61+OA=",
"lastModified": 1759772381,
"narHash": "sha256-xhNd/WR6/ZSNEJV+9MnZ31cHbk5NAvCG8j4gV1ucJPo=",
"owner": "NixOS",
"repo": "nix",
"rev": "fbe2940a08b0f850ee3a01978256b4c4d5906587",
"rev": "1e709554d565be51ab8d5a7e4941b0cc1da70807",
"type": "github"
},
"original": {
@@ -128,24 +109,6 @@
"type": "github"
}
},
"nixfmt": {
"inputs": {
"flake-utils": "flake-utils"
},
"locked": {
"lastModified": 1736283758,
"narHash": "sha256-hrKhUp2V2fk/dvzTTHFqvtOg000G1e+jyIam+D4XqhA=",
"owner": "NixOS",
"repo": "nixfmt",
"rev": "8d4bd690c247004d90d8554f0b746b1231fe2436",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixfmt",
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1736643958,
@@ -169,11 +132,11 @@
]
},
"locked": {
"lastModified": 1737057290,
"narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=",
"lastModified": 1751903740,
"narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453",
"rev": "032decf9db65efed428afd2fa39d80f7089085eb",
"type": "github"
},
"original": {
@@ -184,11 +147,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1737751639,
"narHash": "sha256-ZEbOJ9iT72iwqXsiEMbEa8wWjyFvRA9Ugx8utmYbpz4=",
"lastModified": 1759582739,
"narHash": "sha256-spZegilADH0q5OngM86u6NmXxduCNv5eX9vCiUPhOYc=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "dfad538f751a5aa5d4436d9781ab27a6128ec9d4",
"rev": "3441b5242af7577230a78ffb03542add264179ab",
"type": "github"
},
"original": {
@@ -199,16 +162,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1734359947,
"narHash": "sha256-1Noao/H+N8nFB4Beoy8fgwrcOQLVm9o4zKW1ODaqK9E=",
"lastModified": 1756178832,
"narHash": "sha256-O2CIn7HjZwEGqBrwu9EU76zlmA5dbmna7jL1XUmAId8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "48d12d5e70ee91fe8481378e540433a7303dbf6a",
"rev": "d98ce345cdab58477ca61855540999c86577d19d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.11",
"ref": "nixos-25.05-small",
"repo": "nixpkgs",
"type": "github"
}
@@ -231,14 +194,17 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1735774519,
"narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
"lastModified": 1754788789,
"narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
"type": "github"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-regression": {
@@ -259,11 +225,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1737885589,
"narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
@@ -274,11 +240,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1750005367,
"narHash": "sha256-h/aac1dGLhS3qpaD2aZt25NdKY7b+JT0ZIP2WuGsJMU=",
"lastModified": 1759580034,
"narHash": "sha256-YWo57PL7mGZU7D4WeKFMiW4ex/O6ZolUS6UNBHTZfkI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6c64dabd3aa85e0c02ef1cdcb6e1213de64baee3",
"rev": "3bcc93c5f7a4b30335d31f21e2f1281cba68c318",
"type": "github"
},
"original": {
@@ -296,21 +262,6 @@
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
machines/jupiter/configuration.nix
+17 -3
View File
@@ -10,13 +10,14 @@
./disks.nix
./hardware-configuration.nix
./environments.nix
# ./network.nix
];
networking.hostName = "jupiter";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.unstable.linuxPackages_latest;
boot.kernelPackages = pkgs.linuxPackages;
# Shitfuck SOnar Dotnet dependency
nixpkgs.config = {
@@ -31,9 +32,9 @@
services.openssh.enable = true;
# Configure keymap in X11
services.xserver = {
services.xserver.xkb = {
layout = "de";
xkbVariant = "";
variant = "";
};
# Configure console keymap
@@ -45,6 +46,19 @@
security.rtkit.enable = true;
# Try fix wifi disconnect
networking.networkmanager.wifi.powersave = false;
# Disable hibernate completely
powerManagement.enable = true;
systemd.targets."hibernate".enable = false;
systemd.targets."hybrid-sleep".enable = false;
systemd.targets."suspend-then-hibernate".enable = false;
# Optional: kernel parameter to fully disable hibernation
boot.kernelParams = [ "nohibernate" ];
system = {
stateVersion = "23.05";
autoUpgrade.enable = true;
machines/jupiter/environments.nix
+7 -4
View File
@@ -8,11 +8,13 @@ in
hyprland.enable = false;
zsh.enable = true;
apps = {
desktop_apps = true;
desktop_apps = false;
dev_apps = false;
gnome_apps = false;
};
kde-desktop.enable = true;
actual.enable = true;
audiobookshelf.enable = true;
kde-desktop.enable = false;
radarr.enable = true;
docker.enable = true;
readarr.enable = true;
@@ -21,7 +23,7 @@ in
jellyseerr.enable = true;
development.enable = true;
paperless = {
enable = false;
enable = true;
port = 28981; # Optional, to override the default port
extraConfig = {
PAPERLESS_ADMIN_USER = "finn";
@@ -33,10 +35,11 @@ in
my.hardware = {
bluetooth.enable = true;
sound.enable = true;
sound.enable = false;
};
my.services = {
vpn.enable = true;
webserver.enable = false;
};
}
machines/jupiter/hardware-configuration.nix
+1 -2
View File
@@ -18,7 +18,6 @@
"xhci_pci"
"ahci"
"nvme"
"usbhid"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
@@ -29,7 +28,7 @@
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
hardware.opengl = {
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD
machines/jupiter/network.nix
+10
View File
@@ -0,0 +1,10 @@
_: {
networking.firewall.allowedTCPPorts = [
8080 # aria
];
networking = {
domain = "jupiter.solar.internal";
search = [ "jupiter.solar.internal" ];
};
}
modules/environments/actual/default.nix
+35
View File
@@ -0,0 +1,35 @@
# manages and downloads films
{
config,
lib,
pkgs,
...
}:
let
cfg = config.my.profiles.audiobookshelf;
in
{
options.my.profiles.actual = with lib; {
enable = mkEnableOption "Audio Book Service";
};
config = lib.mkIf cfg.enable {
services.actual = {
enable = true;
openFirewall = true;
settings = {
port = 40465;
hostname = "0.0.0.0";
};
};
environment.systemPackages = with pkgs; [
actual-server
];
systemd.services.actual = {
after = [ "network-online.target" ];
};
};
}
modules/environments/audiobookshelf/default.nix
+33
View File
@@ -0,0 +1,33 @@
# manages and downloads films
{
config,
lib,
pkgs,
...
}:
let
cfg = config.my.profiles.audiobookshelf;
in
{
options.my.profiles.audiobookshelf = with lib; {
enable = mkEnableOption "Audio Book Service";
};
config = lib.mkIf cfg.enable {
services.audiobookshelf = {
enable = true;
openFirewall = true;
port = 63834;
host = "0.0.0.0";
};
environment.systemPackages = with pkgs; [
audiobookshelf
];
systemd.services.audiobookshelf = {
after = [ "network-online.target" ];
};
};
}
modules/environments/default.nix
+2
View File
@@ -1,7 +1,9 @@
{ ... }:
{
imports = [
./actual
./apps
./audiobookshelf
./development
./hyprland
./zsh
modules/environments/development/default.nix
+1 -1
View File
@@ -18,7 +18,7 @@ in
google-chrome
vscode
neovim
jetbrains.idea-ultimate
# jetbrains.idea-ultimate
go
(python3.withPackages (
ps: with ps; [
modules/environments/kde-desktop/default.nix
+3 -3
View File
@@ -14,10 +14,10 @@ in
};
config = lib.mkIf cfg.enable {
services.xserver = {
enable = true;
services = {
displayManager.sddm.enable = true;
desktopManager.plasma5.enable = true;
displayManager.sddm.wayland.enable = true;
desktopManager.plasma6.enable = true;
};
users.users.finn.packages = with pkgs; [
# Programms can be added here...
modules/environments/paperless/default.nix
+1 -3
View File
@@ -28,10 +28,8 @@ in
services.paperless = {
enable = true;
address = "0.0.0.0";
dataDir = "/home/finn/documents/paperless";
#inherit (cfg) port extraConfig;
port = cfg.port;
extraConfig = cfg.extraConfig;
# settings = cfg.extraConfig;
};
networking.firewall.allowedTCPPorts = [ cfg.port ];
};
modules/hardware/sound/default.nix
+5 -2
View File
@@ -13,8 +13,11 @@ in
};
config = lib.mkIf cfg.enable {
hardware.pulseaudio.enable = false;
hardware.pulseaudio.support32Bit = true;
services.pulseaudio = {
enable = false;
support32Bit = true;
};
users.extraUsers.finn.extraGroups = [ "audio" ];
environment.systemPackages = with pkgs; [
headsetcontrol
modules/services/default.nix
+1
View File
@@ -4,5 +4,6 @@
{
imports = [
./vpn
./webserver
];
}
modules/services/webserver/default.nix
+187
View File
@@ -0,0 +1,187 @@
# public webserver with reverseproxy
{
config,
lib,
pkgs,
...
}:
let
cfg = config.my.services.webserver;
inherit (config.networking) domain;
virtualHostOption = lib.types.submodule {
options = {
subdomain = lib.mkOption {
type = lib.types.str;
example = "dev";
description = ''
Which subdomain, under config.networking.domain, to use
for this virtual host.
'';
};
port = lib.mkOption {
type = with lib.types; nullOr port;
default = null;
example = 8080;
description = ''
Which port to proxy to, through localhost, for this virtual host.
This option is incompatible with `root`.
'';
};
root = lib.mkOption {
type = with lib.types; nullOr path;
default = null;
example = "/var/www/blog";
description = ''
The root folder for this virtual host. This option is incompatible
with `port`.
'';
};
extraConfig = lib.mkOption {
type = with lib.types; nullOr lines;
example = lib.literalExpression ''
{
locations."/socket" = {
proxyPass = "http://localhost:8096/";
proxyWebsockets = true;
};
}
'';
default = null;
description = ''
Any extra configuration that should be applied to this virtual host.
'';
};
};
};
in
{
options.my.services.webserver = {
enable = lib.mkEnableOption "webserver";
virtualHosts = lib.mkOption {
type = lib.types.listOf virtualHostOption;
default = [ ];
example = lib.literalExpression ''
[
{
subdomain = "gitea";
port = 8080;
}
{
subdomain = "dev";
root = "/var/www/dev";
}
{
subdomain = "jellyfin";
port = 8096;
extraConfig = {
locations."/socket" = {
proxyPass = "http://localhost:8096/";
proxyWebsockets = true;
};
};
}
]
'';
description = ''
List of virtual hosts to set-up using default settings.
'';
};
};
config = lib.mkIf cfg.enable {
assertions = [
{
assertion = lib.allUnique (builtins.filter (p: p != null) (map (v: v.port) cfg.virtualHosts));
message =
let
portsWithSubdomains = builtins.filter (v: v.port != null) cfg.virtualHosts;
duplicates = lib.filter (
p: builtins.length (lib.filter (x: x.port == p.port) portsWithSubdomains) > 1
) portsWithSubdomains;
in
if duplicates == [ ] then
""
else
"Duplicate ports found in my.services.webserver.virtualHosts: "
+ builtins.concatStringsSep ", " (map (v: v.subdomain + ":" + builtins.toString v.port) duplicates);
}
];
services = {
nginx.enable = false;
caddy = {
enable = true;
email = "jupiter@solar.internal";
globalConfig = ''
servers{
}
'';
extraConfig = ''
(compress) {
encode gzip zstd
}
(headers) {
header {
# enable CORS
Access-Control-Allow-Origin "https://${config.networking.domain}"
# disable FLoC tracking
Permissions-Policy interest-cohort=()
# enable HSTS
Strict-Transport-Security max-age=31536000;
# disable clients from sniffing the media type
X-Content-Type-Options "nosniff"
# clickjacking protection
X-Frame-Options "DENY"
# enable XSS protection
X-XSS-Protection "1; mode=block"
# referrer policy
Referrer-Policy "strict-origin-when-cross-origin"
}
}
(common) {
import headers
import compress
}
'';
virtualHosts =
let
mkVHost =
{ subdomain, ... }@args:
lib.nameValuePair "${subdomain}.${domain}" (
lib.foldl lib.recursiveUpdate { } [
{
useACMEHost = domain;
extraConfig = ''
import common
${lib.optionalString (args.root != null) ''
root * ${args.root}
file_server
''}
${lib.optionalString (args.port != null) ''
reverse_proxy localhost:${toString args.port} {
# remove CORS headers from proxied server, because duplicate headers are not allowed
# remove after new release: https://github.com/navidrome/navidrome/commit/657fe11f5327ff7a3cb6aa9308b0bb7c71eea5c6
header_down -Access-Control-Allow-Origin
}
''}
${lib.optionalString (args.extraConfig != null) args.extraConfig}
'';
}
]
);
in
lib.listToAttrs (map mkVHost cfg.virtualHosts);
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
};
}