Configuration changes, new services

fish/config.fish

@@ -9,7 +9,8 @@ alias dpdup="xrandr --output DP-1 --auto --same-as eDP-1 --rotate normal --outpu
 alias monoff="xrandr --output HDMI-1 --off --output HDMI-2 --off --output DP-1 --off --output eDP-1 --auto"
 alias cdl="cd ~/development/leveris"
 
+set -x JAVA_HOME "/home/nnm/.nix-profile/lib/openjdk"
 set -x JAVA_TOOL_OPTIONS "-Djavax.net.ssl.trustStore=/home/nnm/cacerts"
-set -x SBT_OPTS "-Xmx2G -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled -Xss2M"
+set -x JVM_OPTS "-Xmx2G -Xss2M -XX:+UseG1GC -XX:+CMSClassUnloadingEnabled"
 
 set fish_greeting

fish/fish_variables

@@ -1,6 +1,7 @@
 # This file contains fish universal variable definitions.
 # VERSION: 3.0
 SETUVAR __fish_init_2_3_0:\x1d
+SETUVAR __fish_initialized:3100
 SETUVAR fish_color_autosuggestion:555\x1ebrblack
 SETUVAR fish_color_cancel:\x2dr
 SETUVAR fish_color_command:005fd7
@@ -12,6 +13,7 @@ SETUVAR fish_color_error:ff0000
 SETUVAR fish_color_escape:00a6b2
 SETUVAR fish_color_history_current:\x2d\x2dbold
 SETUVAR fish_color_host:normal
+SETUVAR fish_color_host_remote:yellow
 SETUVAR fish_color_match:\x2d\x2dbackground\x3dbrblue
 SETUVAR fish_color_normal:normal
 SETUVAR fish_color_operator:00a6b2
@@ -20,10 +22,12 @@ SETUVAR fish_color_quote:999900
 SETUVAR fish_color_redirection:00afff
 SETUVAR fish_color_search_match:bryellow\x1e\x2d\x2dbackground\x3dbrblack
 SETUVAR fish_color_selection:white\x1e\x2d\x2dbold\x1e\x2d\x2dbackground\x3dbrblack
+SETUVAR fish_color_status:red
 SETUVAR fish_color_user:brgreen
 SETUVAR fish_color_valid_path:\x2d\x2dunderline
 SETUVAR fish_greeting:\x1d
 SETUVAR fish_key_bindings:fish_default_key_bindings
+SETUVAR fish_pager_color_completion:\x1d
 SETUVAR fish_pager_color_description:B3A06D\x1eyellow
 SETUVAR fish_pager_color_prefix:white\x1e\x2d\x2dbold\x1e\x2d\x2dunderline
 SETUVAR fish_pager_color_progress:brwhite\x1e\x2d\x2dbackground\x3dcyan

kitty/kitty.conf

@@ -9,5 +9,17 @@ cursor_blink_interval         1.0
 cursor_stop_blinking_after    20.0
 cursor_shape                  underline 
 scrollback_lines              10000
-remember_window_size          no
+remember_window_size          yes
+initial_window_width          1480
+initial_window_height         1000
+draw_minimal_borders          yes
+window_border_width           0.0
+window_margin_width           0.0
+window_padding_width          0.0
+inactive_text_alpha           0.4
+tab_bar_edge                  bottom
+enable_audio_bell             no
+background_opacity            0.9
+background                    #0f0f0f
 term                          xterm-256color
+

nixos/configuration.nix

@@ -13,24 +13,37 @@
     ];
 
   # Use the systemd-boot EFI boot loader.
+  boot.kernelPackages = pkgs.linuxPackages_latest;
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
+  boot.plymouth.enable = true;
+  boot.extraModprobeConfig = ''
+    options hid_apple fnmode=2
+  '';
 
   networking = {
     hostName = "lenovo";
     #wireless.enable = true;
     useDHCP = false;
     #wicd.enable = true;
-    networkmanager.enable = true;
+    networkmanager = {
+      enable = true;
+    };
+    extraHosts = ''
+      89.176.42.143 pkcloud
+    '';
   };
 
   # Select internationalisation properties.
   i18n = {
-    consoleFont = "Lat2-Terminus16";
-    consoleKeyMap = "us";
     defaultLocale = "en_US.UTF-8";
   };
 
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "us";
+  };
+
   # Set your time zone.
   time.timeZone = "Europe/Prague";
 
@@ -40,29 +53,25 @@
     wget
     bind
     vim
-    firefox
+    #firefox
-    ranger
+    (firefox.override { extraNativeMessagingHosts = [ passff-host ]; })
-    keepass
+    brave
-    tdesktop
+    xdg-desktop-portal-kde
+    plasma-browser-integration
+    keepassxc
     kitty
     fish
     transmission_gtk
     wireshark
     vlc
-    mpv
     moc
     libmtp
-    go-mtpfs
     usbutils
     binutils-unwrapped
     patchelf
     file
     highlight
     mediainfo
-    breeze-icons.out
-    gnome3.adwaita-icon-theme
-    hicolor_icon_theme
-    #libreoffice-fresh
     xfontsel
     xorg.xbacklight
     xorg.xev
@@ -70,76 +79,61 @@
     ntfs3g
     htop
     git
+    gitRepo
     lm_sensors
+    acpi
     pavucontrol
-    openjdk8
+    #openjdk8
-    openjdk11
+    #openjdk11
     #graalvm8
     visualvm
     scala
     dotty
-    sbt
+    (sbt.override { jre = pkgs.openjdk; })
-    jetbrains.idea-community
     docker
-    protobuf3_5
+    protobuf3_9
     openssl
     openssl.dev
     pv
-    #virtualbox
     graphviz
     wirelesstools
-    mattermost-desktop
     openfortivpn
-    simplenote
-    i3lock
-    i3blocks
-    scrot
     imagemagick
-    xautolock
     squashfsTools
-    #skypeforlinux
-    vscode
     rpm
     unzip
     chromium
     #masterpdfeditor
     telnet
-    geteltorito
+    #geteltorito
-    #gradle
     nix-index
-    zoom-us
-    krita
     maven
     nodejs
-    #jmeter
     mongodb-tools
     screen
     p7zip
     zlib.static
     zlib.dev
-    llvm
+    #llvm
-    clang
+    #clang
     gcc
-    libunwind.out
+    #libunwind.out
-    libunwind.dev
+    #libunwind.dev
     re2
     robo3t
-    nextcloud-client
+    #nextcloud-client
     cmake
     gnumake
     gperf
-    #calibre
     netcat-gnu
     smartmontools
-    teamviewer
     unrar
     docker_compose
-    #androidenv.androidPkgs_9_0.platform-tools
+    #(python3.withPackages (ps: with ps; [ setuptools ]))
-    python3
+    jenkins-job-builder
     sysstat
     yad
     xdotool
-    breeze-icons
     okular
     dolphin
     kcalc
@@ -148,8 +142,34 @@
     spectacle
     ark
     filelight
-    thunderbird
     ffmpeg
+    poppler_utils
+    libusb
+    pcsclite
+    pcsctools
+    easyrsa
+    openvpn
+    #qtcreator
+    tcpdump
+    kdiff3
+    xscreensaver
+    aqemu
+    flatpak
+    jq
+    android-file-transfer
+    pass
+    passff-host
+    minikube
+    yed
+    pencil
+    dia
+    mongodb-tools
+    meld
+    gnuplot
+    #mysql-workbench
+    #zookeeper
+    wireguard
+    wireguard-tools
   ];
 
   fonts = {
@@ -164,23 +184,48 @@
   nixpkgs.config = {
     allowUnfree = true;
     android_sdk.accept_license = true;
+    firefox.enablePlasmaBrowserIntegration = true;
+    permittedInsecurePackages = [
+      "openssl-1.0.2u"
+    ];
   };
 
   # Some programs need SUID wrappers, can be configured further or are
   # started in user sessions.
   # programs.bash.enableCompletion = true;
   # programs.mtr.enable = true;
-  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
+  programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
+  programs.wireshark.enable = true;
 
   # List services that you want to enable:
 
+  services.openvpn.servers = {
+    client = {
+      config = ''
+        client
+        dev             tun
+        proto           udp
+        remote          192.168.1.5 1194
+        nobind
+        ca              /home/nnm/openvpn/ca.crt
+        cert            /home/nnm/openvpn/lenovo-laptop1.crt
+        key             /home/nnm/openvpn/lenovo-laptop1.key
+        tls-auth        /home/nnm/openvpn/ta.key 1
+        remote-cert-tls server
+      '';
+    };
+  };
+
+  services.flatpak.enable = true;
+  services.pcscd.enable = true;
+
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;
   services.teamviewer.enable = true;
 
   # Open ports in the firewall.
   networking.firewall.allowedTCPPorts = [ 88 8443 111 2049 ];
-  networking.firewall.allowedUDPPorts = [ 111 2049 ];
+  networking.firewall.allowedUDPPorts = [ 111 2049 1194 ];
   # Or disable the firewall altogether.
   #networking.firewall.enable = false;
 
@@ -188,15 +233,11 @@
   services.printing.enable = true;
   services.printing.drivers = [ pkgs.splix ];
 
-  services.mongodb.enable = true;
+  #services.mongodb.enable = true;
-  services.postgresql = {
+  #services.postgresql = {
-    enable = true;
+  #  enable = true;
-    ensureUsers = [
+  #  ensureUsers = [ { name = "nnm"; } ];
-      {
+  #};
-        name = "nnm";
-      }
-    ];
-  };
 
   # keyring
   #services.gnome3.gnome-keyring.enable = true;
@@ -211,31 +252,51 @@
   # Enable touchpad support.
   services.xserver.libinput.enable = true;
 
-  services.xserver.displayManager.lightdm.enable = true;
+  # i3
-  services.xserver.windowManager.i3.enable = true;
+  #services.xserver.displayManager.lightdm.enable = true;
+  #services.xserver.windowManager.i3.enable = true;
   
-  virtualisation.docker.enable = true;
+  # kde
+  services.xserver.displayManager.sddm.enable = true;
+  services.xserver.desktopManager.plasma5.enable = true;
 
-  virtualisation.virtualbox.host.enable = true;
+  # virtualisation
-  users.extraGroups.vboxusers.members = [ "nnm" ];
+  virtualisation = {
+    docker.enable = true;
+    libvirtd = {
+      enable = true;
+      qemuPackage = pkgs.qemu_kvm;
+    };
+  };
+  #virtualisation.virtualbox.host.enable = true;
+  #users.extraGroups.vboxusers.members = [ "nnm" ];
+
+  services.accounts-daemon.enable = true;
 
   sound.enable = true;
-  hardware.pulseaudio.enable = true;
 
   environment.pathsToLink = [ "/share" ];
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.extraUsers.nnm = {
+  users.users.nnm = {
     isNormalUser = true;
     uid = 1000;
     shell = pkgs.fish;
-    extraGroups = ["audio" "networkmanager" "wireshark" "wheel" "docker"];
+    extraGroups = ["audio" "networkmanager" "wireshark" "wheel" "docker" "kvm" "libvirtd"];
   };
 
+  #services.minidlna = {
+  #  enable = true;
+  #  mediaDirs = [ "/mnt/downloads" ];
+  #  config = ''
+  #    notify_interval=10
+  #  '';
+  #};
+
   fileSystems."/mnt/pkcloud-export" = {
     device = "192.168.1.5:/";
     fsType = "nfs";
-    options = [ "x-systemd.automount" "noauto" "user" ];
+    options = [ "x-systemd.automount" "noauto" "user" "soft" "timeo=10"];
   };
 
   security.wrappers = {
@@ -243,12 +304,10 @@
     "umount.nfs".source = "${pkgs.nfs-utils.out}/bin/umount.nfs";
   };
 
-  #virtualisation.virtualbox.host.enable = true;
-  #virtualisation.virtualbox.host.enableExtensionPack = true;
-
   # This value determines the NixOS release with which your system is to be
   # compatible, in order to avoid breaking some software such as database
   # servers. You should change this only after NixOS release notes say you
   # should.
-  system.stateVersion = "19.09"; # Did you read the comment?
+  system.stateVersion = "20.09"; # Did you read the comment?
 }
+

nixos/hardware-configuration.nix

@@ -10,7 +10,7 @@
 
   boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
   boot.kernelModules = [ "kvm-intel" ];
-  boot.extraModulePackages = [ ];
+  boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
   boot.cleanTmpDir = true;
 
   fileSystems."/" =
@@ -32,6 +32,31 @@
 
   nix.maxJobs = lib.mkDefault 4;
   powerManagement.cpuFreqGovernor = "powersave";
-  hardware.bluetooth.enable = true;
+  hardware.bluetooth = {
-  hardware.opengl.enable = true;
+    enable = true;
+    config = {
+      General = {
+        Enable = "Source,Sink,Media,Socket";
+      };
+    };
+  };
+
+  nixpkgs.config.packageOverrides = pkgs: {
+    vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
+  };
+
+  hardware.opengl = { 
+    enable = true;
+    extraPackages = with pkgs; [
+      vaapiIntel
+      vaapiVdpau
+      libvdpau-va-gl
+    ];
+  };
+  hardware.pulseaudio = {
+    enable = true;
+    extraModules = [ pkgs.pulseaudio-modules-bt ];
+    package = pkgs.pulseaudioFull;
+  };
 }
+

services/docker-compose.yml

@@ -0,0 +1,21 @@
+version: '3.1'
+services:
+  mongo:
+    container_name: mongodb
+    restart: always
+    command: ["--bind_ip_all"]
+    image: mongo:4
+    #    environment:
+    #      MONGO_INITDB_ROOT_USERNAME: root
+    #      MONGO_INITDB_ROOT_PASSWORD: root
+    ports:
+      - "27017:27017"
+    volumes:
+      - /var/db/mongodb:/data/db
+    networks:
+      - mongo
+
+networks:
+  mongo:
+    driver: bridge
+