4 Commits

Author SHA1 Message Date
Lumpiasty 708d132730 Enable 464CLAT on acer 2026-06-13 02:45:21 +02:00
Lumpiasty 61c113dcd0 fix acer suspend 2026-06-09 02:31:49 +02:00
Lumpiasty 5c8f6f23bd enable undervolt settings and expose 8080 2026-06-09 02:08:47 +02:00
Lumpiasty 1dc0167af4 Remove TODOs as moved to Kaneo 2026-06-02 23:16:26 +02:00
9 changed files with 365 additions and 95 deletions
-90
@@ -1,90 +0,0 @@
1. [*] Pozbyć się conditional importów
1. https://github.com/nix-community/plasma-manager
- [*] pasek zadań
- [*] zmienić na ikonowo-tekstowy
- [*] Ikonki na pasku zadań, które mają być ukryte, pokazane
- [*] ukryć spotify
- [*] pokazać baterię, wifi, jasność, dźwięk, muzyka
- reguły okien:
- minimalny rozmiar discord - lepiej zmienić ustawienie vesktopa
- [*] nie wyłączaj głądzika przy pisaniu
- [*] prędkość przewijania na gładziku
- domyślne programy - rozpisać jakie
- libreoffice writer dla .doc
- [*] wskaźnik myszy
- menedżer plików
- rozwinięty terminal
- ukryte pliki
- [*] tryb nocny włączyć
- zarządzanie zasilaniem
- wyłączyć usypianie na pc
- [*] rozpoczynanie posiedzenia pustym pulpitem, nie przywracanie poprzednich aplikacji
- nie włączaj automatycznie trybu nie przeszkadzać w pełnym ekranie
- default browser librewolf
2. https://github.com/gmodena/nix-flatpak
3. https://github.com/NixOS/nixos-hardware
- dla acera
5. [*] Przenieść programy desktop do home-manager
6. librewolf
- native messaging
- kde integration
- dodatki
- qr code
- libredirect
- privacy badger
- wayback machine
- zakładki? synchronizacja?
7. firewall?
8. zramswap writeback
9. Drukarka
10. [*] Usunąć system-wide users?
11. Deklaratywne dodawanie klucza yubikey do gpg?
12. Flatpaki deklaratwynie
13. Yubikey rozblokowywanie PAM, blokowanie ekranu?
14. home-manager moduły:
- vesktop - jakiś wrapper / paczka aby kopiował ustawienia przy starcie vesktopa bo głupie linki wywalają program bo readonly
- spotify
- język
- uruchamianie zminimalizowany
- zamknij aby zminimalizować do paska
- wyłączyć powiadomienia na pulpicie przy zmianie utworu
- easyeffects
- autostart
- presety
- ts3?
- qtpass
- używaj pass zamiast gpg native
- używaj git
- autokopiowanie
- minimalizowanie do paska stanu przy zamknięciu
- autostart zminimalizowany
- ukryte hasła
15. system76-scheduler + kde integracja
16. Rozpisać przywracanie danych, gdzie są najważniejsze dane
- przeglądarka
- gpg, jak doprowadzić do działania
- hasła
- discord
- spotify
- ts3
- prismlauncher
- kube
- docker
- networkmanager połączenia
17. Vscodium
- Auto Detect Color Scheme
- dodatki
18. nixpack sandboxing
19. Procedura instalacji systemu, od sklonowania repo
20. qtpass czasami crashuje https://github.com/IJHack/QtPass/issues/663
21. Moduł do signal
- minimalizowanie do zasobnika
22. Command not found
23. Undervolting acer, limit mocy (jeśli się da)
24. Spicetify
25. Theme, catpuccin?
26. https://redlib.nadeko.net/r/unixporn/comments/1l5ll27/hyprland_i_3_quickshell/
27. Donut browser, Camoufox
28. cups, sane w home-manager
29. earlyoom
30. Llama.cpp, expose via tailscale, allow from homelab's openwebui
+11 -5
@@ -89,6 +89,7 @@ rec {
laptop = true; laptop = true;
gaming = true; gaming = true;
enableTailscale = true; enableTailscale = true;
ipv6Mostly = true;
}; };
virtualisation.vmVariant = { virtualisation.vmVariant = {
@@ -100,6 +101,8 @@ rec {
# For dev vm stuff # For dev vm stuff
networking.firewall.trustedInterfaces = [ "br0" ]; networking.firewall.trustedInterfaces = [ "br0" ];
# Local LLaMA.cpp server
networking.firewall.allowedTCPPorts = [ 8080 ];
# Battery driver # Battery driver
boot.extraModulePackages = [ boot.extraModulePackages = [
@@ -114,14 +117,15 @@ rec {
]; ];
boot.kernelModules = [ "acer-wmi-ext" ]; boot.kernelModules = [ "acer-wmi-ext" ];
# Breaks sleep, not enabling for now # # Installs ryzenadj + ryzen_smu kernel module for manual undervolt experiments.
# # Does not auto-apply any tuning yet.
# lumpiasty.acerUndervolt = true; # lumpiasty.acerUndervolt = true;
boot.initrd.kernelModules = [ "amdgpu" "thunderbolt" ]; boot.initrd.kernelModules = [ "amdgpu" "thunderbolt" ];
boot.kernelParams = [ boot.kernelParams = [
# https://community.frame.work/t/attn-critical-bugs-in-amdgpu-driver-included-with-kernel-6-18-x-6-19-x/79221 # # https://community.frame.work/t/attn-critical-bugs-in-amdgpu-driver-included-with-kernel-6-18-x-6-19-x/79221
"amdgpu.cwsr_enable=0" # "amdgpu.cwsr_enable=0"
# Increase GPU memory limits # Increase GPU memory limits
"ttm.pages_limit=7864320" # 30GB in pages (30 * 1024 * 1024 * 1024 / 4096) "ttm.pages_limit=7864320" # 30GB in pages (30 * 1024 * 1024 * 1024 / 4096)
@@ -130,8 +134,8 @@ rec {
"amdttm.page_pool_size=7864320" "amdttm.page_pool_size=7864320"
]; ];
programs.corectrl.enable = true; # programs.corectrl.enable = true;
hardware.amdgpu.overdrive.enable = true; # hardware.amdgpu.overdrive.enable = true;
fonts = { fonts = {
fontconfig = { fontconfig = {
@@ -155,6 +159,8 @@ rec {
}; };
}; };
programs.wireshark.enable = true;
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
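Review bot: `networking.firewall.allowedTCPPorts = [ 8080 ];` opens the LLaMA.cpp port on every interface of a laptop, so it is reachable from any Wi-Fi network the machine joins if the server listens on a non-loopback address. llama.cpp's HTTP server accepts unauthenticated requests unless an API key is configured. The same host sets `enableTailscale = true`, and the removed TODO list planned to expose the server over Tailscale, so the rule could be scoped to that interface: `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 8080 ];` (assuming the default interface name). The comment above the rule should also say who is meant to reach the port.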
+1
@@ -15,6 +15,7 @@
system/users.nix system/users.nix
system/ssh.nix system/ssh.nix
system/gaming.nix system/gaming.nix
system/ipv6-mostly.nix
system/nix.nix system/nix.nix
system/zfs.nix system/zfs.nix
+27
@@ -0,0 +1,27 @@
{ config, lib, pkgs, ... }:
# IPv6-mostly support via NetworkManager (RFC 8925 + RFC 6877 / 464XLAT).
# Requires NetworkManager >= 1.58 (pkgs.networkmanager-clat in practice).
# Sets ipv4.clat=auto and ipv4.dhcp-ipv6-only-preferred=auto as connection
# defaults, mirroring the Fedora 45 change:
# https://fedoraproject.org/wiki/Changes/IPv6-Mostly_Support_In_NetworkManager
{
options.lumpiasty.ipv6Mostly = lib.mkEnableOption "Enable IPv6-mostly (RFC 8925 + CLAT/464XLAT) support in NetworkManager";
config = lib.mkIf config.lumpiasty.ipv6Mostly {
# Use the patched NM build with CLAT support, without replacing pkgs.networkmanager
# globally (which would cascade rebuilds across the entire system closure).
networking.networkmanager.package = pkgs.networkmanager-clat;
# Drop a conf.d snippet that sets connection-level defaults.
# NM reads /etc/NetworkManager/conf.d/*.conf in addition to NetworkManager.conf.
environment.etc."NetworkManager/conf.d/99-ipv6-mostly.conf".text = ''
# IPv6-mostly: automatically enable CLAT (464XLAT) and DHCPv4 option 108
# when the network advertises PREF64 and/or option 108 (RFC 8925).
# On networks without these, behaviour is unchanged (native IPv4 proceeds).
[connection-defaults]
ipv4.clat=auto
ipv4.dhcp-ipv6-only-preferred=auto
'';
};
}
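Review bot: The option description will render as "Whether to enable Enable IPv6-mostly …", because `lib.mkEnableOption` already prefixes its argument with "Whether to enable". Pass only the noun phrase: `lib.mkEnableOption "IPv6-mostly (RFC 8925 + CLAT/464XLAT) support in NetworkManager"`. The comment above `networking.networkmanager.package` should also state that enabling this flag swaps the host's NetworkManager daemon for a locally patched development snapshot, since that is the main consequence of turning the option on.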
+7
@@ -10,5 +10,12 @@
openldap = prev.openldap.overrideAttrs { openldap = prev.openldap.overrideAttrs {
doCheck = !prev.stdenv.hostPlatform.isi686; doCheck = !prev.stdenv.hostPlatform.isi686;
}; };
# NetworkManager 1.57.4-dev: adds ipv4.clat (CLAT/464XLAT) needed for IPv6-mostly.
# Used via networking.networkmanager.package — does not replace pkgs.networkmanager globally.
# Remove once nixpkgs ships networkmanager >= 1.58 stable.
networkmanager-clat = assert final.lib.assertMsg
(final.lib.versionOlder prev.networkmanager.version "1.58")
"nixpkgs now ships NetworkManager ${prev.networkmanager.version} >= 1.58 remove the override in overlays/pkgs.nix and pkgs/networkmanager-dev/";
prev.callPackage ../pkgs/networkmanager-dev/package.nix { };
}) })
] ]
@@ -0,0 +1,14 @@
--- a/src/core/nm-l3cfg.c 2026-06-13 01:43:36.576149959 +0200
+++ b/src/core/nm-l3cfg.c 2026-06-13 01:43:46.979332451 +0200
@@ -4261,6 +4261,11 @@
* draft-ietf-v6ops-claton-14 Section 7 */
nm_l3_config_data_iter_ip6_address_for_each (&iter, l3cd, &ip6_entry) {
if (ip6_entry->addr_source == NM_IP_CONFIG_SOURCE_NDISC && ip6_entry->plen == 64) {
+ /* RFC 6724 rule 3: avoid deprecated addresses. Skip prefixes
+ * advertised with a zero preferred lifetime, they are being
+ * phased out and must not be used for new communication. */
+ if (ip6_entry->lifetime != 0 && ip6_entry->preferred == 0)
+ continue;
if (_clat_prefix_is_better(best_prefix, ip6_entry, &pref64))
best_prefix = ip6_entry;
}
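Review bot: The added guard `ip6_entry->lifetime != 0 && ip6_entry->preferred == 0` only catches prefixes whose stored preferred lifetime is exactly zero. If `preferred` is kept relative to the entry's timestamp, as the address struct elsewhere in NetworkManager appears to do (not visible in this hunk), a prefix whose preferred lifetime has since run out would still pass and could be chosen as the CLAT source. Either compare against the current time, or state the limitation in the comment, e.g. `/* only catches preferred lifetime == 0 as advertised; expiry over time is not checked here */`. The enclosing function and `_clat_prefix_is_better` are outside the hunk, so it is worth confirming that neither already handles expiry.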
@@ -0,0 +1,16 @@
diff --git a/meson.build b/meson.build
index 61c025b9d7..d2ae60da34 100644
--- a/meson.build
+++ b/meson.build
@@ -1025,9 +1025,9 @@ meson.add_install_script(
join_paths('tools', 'meson-post-install.sh'),
nm_datadir,
nm_bindir,
- nm_pkgconfdir,
+ nm_prefix + nm_pkgconfdir,
nm_pkglibdir,
- nm_pkgstatedir,
+ nm_prefix + nm_pkgstatedir,
nm_mandir,
nm_sysconfdir,
enable_docs ? '1' : '0',
+48
@@ -0,0 +1,48 @@
diff --git a/data/84-nm-drivers.rules b/data/84-nm-drivers.rules
index 148acade5c..6395fbfbe5 100644
--- a/data/84-nm-drivers.rules
+++ b/data/84-nm-drivers.rules
@@ -7,6 +7,6 @@ ACTION!="add|change|move", GOTO="nm_drivers_end"
# Determine ID_NET_DRIVER if there's no ID_NET_DRIVER or DRIVERS (old udev?)
ENV{ID_NET_DRIVER}=="?*", GOTO="nm_drivers_end"
DRIVERS=="?*", GOTO="nm_drivers_end"
-PROGRAM="/bin/sh -c '/usr/sbin/ethtool -i $$1 |/usr/bin/sed -n s/^driver:\ //p' -- $env{INTERFACE}", ENV{ID_NET_DRIVER}="%c"
+PROGRAM="@runtimeShell@ -c '@ethtool@/bin/ethtool -i $$1 |@gnused@/bin/sed -n s/^driver:\ //p' -- $env{INTERFACE}", ENV{ID_NET_DRIVER}="%c"
LABEL="nm_drivers_end"
diff --git a/src/libnmc-base/nm-vpn-helpers.c b/src/libnmc-base/nm-vpn-helpers.c
index cbe76f5f1c..6ec684f9fe 100644
--- a/src/libnmc-base/nm-vpn-helpers.c
+++ b/src/libnmc-base/nm-vpn-helpers.c
@@ -284,15 +284,6 @@ nm_vpn_openconnect_authenticate_helper(NMSettingVpn *s_vpn, GPtrArray *secrets,
const char *const *iter;
const char *path;
const char *opt;
- const char *const DEFAULT_PATHS[] = {
- "/sbin/",
- "/usr/sbin/",
- "/usr/local/sbin/",
- "/bin/",
- "/usr/bin/",
- "/usr/local/bin/",
- NULL,
- };
const char *oc_argv[(12 + 2 * G_N_ELEMENTS(oc_property_args))];
const char *gw;
int port;
@@ -311,13 +302,8 @@ nm_vpn_openconnect_authenticate_helper(NMSettingVpn *s_vpn, GPtrArray *secrets,
port = extract_url_port(gw);
- path = nm_utils_file_search_in_paths("openconnect",
- "/usr/sbin/openconnect",
- DEFAULT_PATHS,
- G_FILE_TEST_IS_EXECUTABLE,
- NULL,
- NULL,
- error);
+ path = g_find_program_in_path("openconnect");
+
if (!path)
return FALSE;
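Review bot: When openconnect is not found, the new code returns FALSE without setting `error`. The removed `nm_utils_file_search_in_paths(..., error)` call received that pointer, so callers that read the error after a failure may now see NULL. Setting it before the return would restore that, e.g. `g_set_error_literal(error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND, "openconnect not found in PATH");`. Also, `g_find_program_in_path` returns an allocated string, but `path` is still declared `const char *` in the context lines, so it leaks unless code outside the hunk frees it. Resolution now follows the caller's PATH rather than fixed system directories, which deserves a comment in the patch. The function body continues outside the hunk.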
+241
@@ -0,0 +1,241 @@
# NetworkManager 1.57.4-dev — development snapshot with ipv4.clat (CLAT/464XLAT) support.
# Required for IPv6-mostly / RFC 8925 + RFC 6877 on NixOS until 1.58 stable lands in nixpkgs.
# Remove this override once nixpkgs ships networkmanager >= 1.58.
{
lib,
stdenv,
fetchurl,
replaceVars,
gettext,
pkg-config,
dbus,
gitUpdater,
libuuid,
polkit,
gnutls,
ppp,
dhcpcd,
iptables,
nftables,
python3,
vala,
libgcrypt,
dnsmasq,
bluez5,
readline,
libselinux,
audit,
gobject-introspection,
perl,
modemmanager,
openresolv,
libndp,
newt,
ethtool,
gnused,
iputils,
kmod,
jansson,
elfutils,
gtk-doc,
libxslt,
docbook_xsl,
docbook_xml_dtd_412,
docbook_xml_dtd_42,
docbook_xml_dtd_43,
curl,
meson,
mesonEmulatorHook,
ninja,
bpftools,
llvmPackages,
libbpf,
libnvme,
libpsl,
mobile-broadband-provider-info,
runtimeShell,
buildPackages,
nixosTests,
systemd,
udev,
udevCheckHook,
withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd,
withNbft ? false,
}:
let
pythonForDocs = python3.pythonOnBuildForHost.withPackages (pkgs: with pkgs; [ pygobject3 ]);
in
stdenv.mkDerivation (finalAttrs: {
pname = "networkmanager";
version = "1.57.4-dev";
src = fetchurl {
# Use the stable release tarball (not the git archive) — GitLab git archives are not content-stable.
url = "https://gitlab.freedesktop.org/api/v4/projects/411/packages/generic/NetworkManager/${finalAttrs.version}/NetworkManager-${finalAttrs.version}.tar.xz";
hash = "sha256-ThYPO/0YsmFSc2Qol1ZAoQb1qdtjPRg+rvxpUzKe0sA=";
};
outputs = [
"out"
"dev"
"devdoc"
"man"
"doc"
];
mesonFlags = [
"--sysconfdir=/etc"
"--localstatedir=/var"
(lib.mesonOption "systemdsystemunitdir" (
if withSystemd then "${placeholder "out"}/etc/systemd/system" else "no"
))
"-Dudev_dir=${placeholder "out"}/lib/udev"
"-Ddbus_conf_dir=${placeholder "out"}/share/dbus-1/system.d"
"-Dkernel_firmware_dir=/run/current-system/firmware"
"-Dmodprobe=${kmod}/bin/modprobe"
(lib.mesonOption "session_tracking" (if withSystemd then "systemd" else "no"))
(lib.mesonBool "systemd_journal" withSystemd)
"-Dlibaudit=yes-disabled-by-default"
"-Dpolkit_agent_helper_1=/run/wrappers/bin/polkit-agent-helper-1"
"-Diwd=true"
"-Dpppd=${ppp}/bin/pppd"
"-Diptables=${iptables}/bin/iptables"
"-Dnft=${nftables}/bin/nft"
"-Dmodem_manager=true"
"-Dnmtui=true"
"-Ddnsmasq=${dnsmasq}/bin/dnsmasq"
"-Dqt=false"
(lib.mesonBool "nbft" withNbft)
"-Dresolvconf=${openresolv}/bin/resolvconf"
"-Ddhcpcd=${dhcpcd}/bin/dhcpcd"
"-Ddocs=${lib.boolToString (stdenv.buildPlatform == stdenv.hostPlatform)}"
"-Dman=${lib.boolToString (stdenv.buildPlatform == stdenv.hostPlatform)}"
"-Dtests=no"
"-Dcrypto=gnutls"
"-Dmobile_broadband_provider_info_database=${mobile-broadband-provider-info}/share/mobile-broadband-provider-info/serviceproviders.xml"
];
patches = [
(replaceVars ./fix-paths.patch {
inherit
ethtool
gnused
;
inherit runtimeShell;
})
./fix-install-paths.patch
# CLAT prefix selection ignores RFC 6724 rule 3 (avoid deprecated addresses):
# a deprecated prefix (preferred lifetime 0) can win the selection and break
# CLAT with an unroutable source address. Report upstream, then drop this.
./clat-skip-deprecated-prefixes.patch
];
buildInputs = [
(if withSystemd then systemd else udev)
libselinux
audit
libpsl
libuuid
polkit
ppp
libndp
curl
mobile-broadband-provider-info
bluez5
dnsmasq
modemmanager
readline
newt
jansson
dbus
libbpf
]
++ lib.optionals withNbft [
libnvme
];
propagatedBuildInputs = [
gnutls
libgcrypt
];
# Disable hardening flags that break clang -target bpf (CLAT BPF compilation).
# Same workaround as nixpkgs systemd package.
hardeningDisable = [ "zerocallusedregs" "shadowstack" "pacret" ];
nativeBuildInputs = [
meson
ninja
gettext
pkg-config
# BPF compiler for CLAT/464XLAT — must use buildPackages to avoid splicing issues
bpftools
buildPackages.llvmPackages.clang
buildPackages.llvmPackages.libllvm
vala
gobject-introspection
perl
elfutils
gtk-doc
libxslt
docbook_xsl
docbook_xml_dtd_412
docbook_xml_dtd_42
docbook_xml_dtd_43
pythonForDocs
udevCheckHook
]
++ lib.optionals (!stdenv.buildPlatform.canExecute stdenv.hostPlatform) [
mesonEmulatorHook
];
doCheck = false;
postPatch = ''
patchShebangs ./tools
patchShebangs libnm/generate-setting-docs.py
# TODO: submit upstream
substituteInPlace meson.build \
--replace "'vala', req" "'vala', native: false, req"
''
+ lib.optionalString withSystemd ''
substituteInPlace data/NetworkManager.service.in \
--replace-fail /usr/bin/busctl ${systemd}/bin/busctl
'';
preBuild = ''
mkdir -p ${placeholder "out"}/lib
ln -s $PWD/src/libnm-client-impl/libnm.so.0 ${placeholder "out"}/lib/libnm.so.0
'';
postFixup = lib.optionalString (stdenv.buildPlatform != stdenv.hostPlatform) ''
cp -r ${buildPackages.networkmanager.devdoc} $devdoc
cp -r ${buildPackages.networkmanager.man} $man
'';
doInstallCheck = true;
passthru = {
tests = {
inherit (nixosTests.networking) networkmanager;
};
};
meta = {
homepage = "https://networkmanager.dev";
description = "Network configuration and management tool (1.57.4-dev with CLAT/ipv6-mostly support)";
license = lib.licenses.gpl2Plus;
maintainers = with lib.maintainers; [ obadz ];
teams = [ lib.teams.freedesktop ];
platforms = lib.platforms.linux;
badPlatforms = [
lib.systems.inspect.platformPatterns.isStatic
];
};
})
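Review bot: In `postPatch`, the vala substitution uses the lenient `--replace "'vala', req" "'vala', native: false, req"`, while the busctl substitution just below uses `--replace-fail`. If the pattern does not match in this development snapshot, the edit is skipped without failing the build, so use `--replace-fail "'vala', req" "'vala', native: false, req"` there too. `passthru.tests` inherits `nixosTests.networking.networkmanager`, which presumably exercises the stock nixpkgs package rather than this derivation. Together with `doCheck = false` and `-Dtests=no`, that leaves this build of a root network daemon with only the install check. A short comment recording which checks actually cover the override, and that `maintainers`/`teams` are carried over from nixpkgs, would help whoever removes it later.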