patrick/nix-config
1
1
Fork 0
Code Issues Pull requests Projects Wiki Activity

chore: fix trace warnings

Browse source 
fix: hyprland nvidia problems(WIP)
This commit is contained in:
Patrick 2024-10-12 18:05:32 +02:00
parent 838b04b12a
commit f386f780b9
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
7 changed files with 270 additions and 169 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

172
modules/actual.nix
View file

@ -6,79 +6,149 @@
}: }:
let let
inherit (lib) inherit (lib)
types getExe
mkEnableOption mkEnableOption
mkPackageOption mkIf
mkOption mkOption
mkPackageOption
types
; ;
cfg = config.services.actual; cfg = config.services.actual;
configFile = formatType.generate "config.json" cfg.settings; configFile = formatType.generate "config.json" cfg.settings;
dataDir = "/var/lib/actual";
formatType = pkgs.formats.json { }; formatType = pkgs.formats.json { };
in in
{ {
options.services.actual = { options.services.actual = {
enable = mkEnableOption "actual, a privacy focused app for managing your finances"; enable = mkEnableOption "actual, a privacy focused app for managing your finances";
package = mkPackageOption pkgs "actual" { }; package = mkPackageOption pkgs "actual-server" { };
user = mkOption {
type = types.str;
default = "actual";
description = ''
User to run actual as.
::: {.note}
If left as the default value this user will automatically be created
on system activation, otherwise the sysadmin is responsible for
ensuring the user exists.
:::
'';
};
group = mkOption {
type = types.str;
default = "actual";
description = ''
Group under which to run.
::: {.note}
If left as the default value this group will automatically be created
on system activation, otherwise the sysadmin is responsible for
ensuring the user exists.
:::
'';
};
openFirewall = mkOption {
default = false;
type = types.bool;
description = "Whether to open the firewall for the specified port.";
};
settings = mkOption { settings = mkOption {
default = { }; default = { };
description = "Server settings, refer to (the documentation)[https://actualbudget.org/docs/config/] for available options.";
type = types.submodule { type = types.submodule {
freeformType = formatType.type; freeformType = formatType.type;
options = {
hostname = mkOption {
type = types.str;
description = "The address to listen on";
default = "::";
};
port = mkOption {
type = types.port;
description = "The port to listen on";
default = 3000;
};
};
config = { config = {
serverFiles = "/var/lib/actual/server-files"; serverFiles = "${dataDir}/server-files";
userFiles = "/var/lib/actual/user-files"; userFiles = "${dataDir}/user-files";
dataDir = "/var/lib/actual"; inherit dataDir;
}; };
}; };
}; };
}; };
config.systemd.services.actual = {
after = [ "network.target" ];
environment.ACTUAL_CONFIG_PATH = configFile;
serviceConfig = {
ExecStartPre = "${pkgs.coreutils}/bin/ln -sf ${cfg.package}/migrations /var/lib/actual/";
ExecStart = lib.getExe cfg.package;
User = "actual";
Group = "actual";
DynamicUser = true;
StateDirectory = "actual";
WorkingDirectory = "/var/lib/actual";
LimitNOFILE = "1048576";
PrivateTmp = true;
PrivateDevices = true;
StateDirectoryMode = "0700";
Restart = "always";
# Hardening config = mkIf cfg.enable {
CapabilityBoundingSet = ""; networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.settings.port ];
LockPersonality = true;
#MemoryDenyWriteExecute = true; # Leads to coredump because V8 does JIT users.groups = mkIf (cfg.group == "actual") {
PrivateUsers = true; ${cfg.group} = { };
ProtectClock = true; };
ProtectControlGroups = true;
ProtectHome = true; users.users = mkIf (cfg.user == "actual") {
ProtectHostname = true; ${cfg.user} = {
ProtectKernelLogs = true; isSystemUser = true;
ProtectKernelModules = true; inherit (cfg) group;
ProtectKernelTunables = true; home = dataDir;
ProtectProc = "invisible"; };
ProcSubset = "pid"; };
ProtectSystem = "strict";
RestrictAddressFamilies = [ systemd.services.actual = {
"AF_INET" description = "Actual server, a local-first personal finance app";
"AF_INET6" after = [ "network.target" ];
"AF_NETLINK" wantedBy = [ "multi-user.target" ];
]; environment.ACTUAL_CONFIG_PATH = configFile;
RestrictNamespaces = true; serviceConfig = {
RestrictRealtime = true; ExecStart = getExe cfg.package;
SystemCallArchitectures = "native"; User = cfg.user;
SystemCallFilter = [ Group = cfg.group;
"@system-service" StateDirectory = "actual";
"@pkey" WorkingDirectory = dataDir;
]; LimitNOFILE = "1048576";
UMask = "0077"; PrivateTmp = true;
PrivateDevices = true;
StateDirectoryMode = "0700";
Restart = "always";
# Hardening
CapabilityBoundingSet = "";
LockPersonality = true;
#MemoryDenyWriteExecute = true; # Leads to coredump because V8 does JIT
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProcSubset = "pid";
ProtectSystem = "strict";
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_NETLINK"
];
RestrictNamespaces = true;
RestrictRealtime = true;
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service"
"@pkey"
];
UMask = "0077";
};
}; };
wantedBy = [ "multi-user.target" ];
}; };
} }

176
users/common/graphical/wayland/hyprland.nix
View file

@ -1,6 +1,18 @@
{ pkgs, lib, nixosConfig, ... }: {
pkgs,
lib,
nixosConfig,
...
}:
let let
inherit (lib) mkMerge optionals elem mkIf flip concatMap; inherit (lib)
mkMerge
optionals
elem
mkIf
flip
concatMap
;
#from https://github.com/hyprwm/Hyprland/issues/3835 #from https://github.com/hyprwm/Hyprland/issues/3835
float_script = pkgs.writeShellScript "hyprland-bitwarden-float" '' float_script = pkgs.writeShellScript "hyprland-bitwarden-float" ''
handle() { handle() {
@ -34,7 +46,8 @@ let
# Listen to the Hyprland socket for events and process each line with the handle function # Listen to the Hyprland socket for events and process each line with the handle function
${pkgs.socat}/bin/socat -U - UNIX-CONNECT:$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock | while read -r line; do handle "$line"; done ${pkgs.socat}/bin/socat -U - UNIX-CONNECT:$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock | while read -r line; do handle "$line"; done
''; '';
in { in
{
wayland.windowManager.hyprland = { wayland.windowManager.hyprland = {
enable = true; enable = true;
settings = mkMerge [ settings = mkMerge [
@ -53,100 +66,110 @@ in {
touchpad = { touchpad = {
natural_scroll = true; natural_scroll = true;
disable_while_typing = true; disable_while_typing = true;
clickfinger_behavior = true;
scroll_factor = 0.7; scroll_factor = 0.7;
}; };
}; };
gestures = { workspace_swipe = true; }; gestures = {
workspace_swipe = true;
};
general = { general = {
gaps_in = 0; gaps_in = 0;
gaps_out = 0; gaps_out = 0;
allow_tearing = true; allow_tearing = true;
}; };
render = {
explicit_sync = 0;
direct_scanout = false;
};
binds = { binds = {
focus_preferred_method = 1; focus_preferred_method = 1;
workspace_center_on = 1; workspace_center_on = 1;
}; };
bind = let bind =
monitor_binds = { let
"1" = "j"; monitor_binds = {
"2" = "d"; "1" = "j";
"3" = "u"; "2" = "d";
"4" = "a"; "3" = "u";
"5" = "x"; "4" = "a";
"6" = "F1"; "5" = "x";
"7" = "F2"; "6" = "F1";
"8" = "F3"; "7" = "F2";
"9" = "F4"; "8" = "F3";
}; "9" = "F4";
in [ };
"SUPER,q,killactive," in
"SUPER,return,fullscreen," [
"SUPER,f,togglefloating" "SUPER,q,killactive,"
"SUPER,g,togglegroup" "SUPER,return,fullscreen,"
"SUPER,tab,cyclenext," "SUPER + SHIFT,return,fullscreenstate,2,0,"
"ALT,tab,cyclenext," "SUPER,f,togglefloating"
"SUPER+CTRL,r,submap,resize" "SUPER,g,togglegroup"
"SUPER,tab,cyclenext,"
"ALT,tab,cyclenext,"
"SUPER+CTRL,r,submap,resize"
"SUPER,left,movefocus,l" "SUPER,left,movefocus,l"
"SUPER,right,movefocus,r" "SUPER,right,movefocus,r"
"SUPER,up,movefocus,u" "SUPER,up,movefocus,u"
"SUPER,down,movefocus,d" "SUPER,down,movefocus,d"
"SUPER,n,movefocus,l" "SUPER,n,movefocus,l"
"SUPER,s,movefocus,r" "SUPER,s,movefocus,r"
"SUPER,l,movefocus,u" "SUPER,l,movefocus,u"
"SUPER,r,movefocus,d" "SUPER,r,movefocus,d"
"SUPER,h,changegroupactive,b" "SUPER,h,changegroupactive,b"
"SUPER,m,changegroupactive,f" "SUPER,m,changegroupactive,f"
"SUPER + SHIFT,left,movewindoworgroup,l" "SUPER + SHIFT,left,movewindoworgroup,l"
"SUPER + SHIFT,right,movewindoworgroup,r" "SUPER + SHIFT,right,movewindoworgroup,r"
"SUPER + SHIFT,up,movewindoworgroup,u" "SUPER + SHIFT,up,movewindoworgroup,u"
"SUPER + SHIFT,down,movewindoworgroup,d" "SUPER + SHIFT,down,movewindoworgroup,d"
"SUPER + SHIFT,n,movewindoworgroup,l" "SUPER + SHIFT,n,movewindoworgroup,l"
"SUPER + SHIFT,s,movewindoworgroup,r" "SUPER + SHIFT,s,movewindoworgroup,r"
"SUPER + SHIFT,l,movewindoworgroup,u" "SUPER + SHIFT,l,movewindoworgroup,u"
"SUPER + SHIFT,r,movewindoworgroup,d" "SUPER + SHIFT,r,movewindoworgroup,d"
"SUPER,comma,workspace,-1" "SUPER,comma,workspace,-1"
"SUPER,period,workspace,+1" "SUPER,period,workspace,+1"
"SUPER + SHIFT,comma,movetoworkspace,-1" "SUPER + SHIFT,comma,movetoworkspace,-1"
"SUPER + SHIFT,period,movetoworkspace,+1" "SUPER + SHIFT,period,movetoworkspace,+1"
"SUPER,b,exec,firefox" "SUPER,b,exec,firefox"
"SUPER,t,exec,kitty" "SUPER,t,exec,kitty"
",Menu,exec,fuzzel" ",Menu,exec,fuzzel"
"SUPER,c,exec,${lib.getExe pkgs.scripts.clone-term}" "SUPER,c,exec,${lib.getExe pkgs.scripts.clone-term}"
"CTRL,F7,pass,class:^(discord)$" "CTRL,F7,pass,class:^(discord)$"
"CTRL,F8,pass,class:^(discord)$" "CTRL,F8,pass,class:^(discord)$"
"CTRL,F7,pass,class:^(TeamSpeak 3)$" "CTRL,F7,pass,class:^(TeamSpeak 3)$"
"CTRL,F8,pass,class:^(TeamSpeak 3)$" "CTRL,F8,pass,class:^(TeamSpeak 3)$"
"CTRL,F9,exec,systemctl --user start swww-update-wallpaper" "CTRL,F9,exec,systemctl --user start swww-update-wallpaper"
"SUPER + SHIFT,q,exit" "SUPER + SHIFT,q,exit"
] ++ flip concatMap (map toString (lib.lists.range 1 9)) (x: [ ]
"SUPER,${monitor_binds."${x}"},workspace,${x}" ++ flip concatMap (map toString (lib.lists.range 1 9)) (x: [
"SUPER + SHIFT,${monitor_binds."${x}"},movetoworkspacesilent,${x}" "SUPER,${monitor_binds."${x}"},workspace,${x}"
]); "SUPER + SHIFT,${monitor_binds."${x}"},movetoworkspacesilent,${x}"
]);
cursor.no_warps = true; cursor.no_warps = true;
debug.disable_logs = false; debug.disable_logs = false;
env = [ env =
"NIXOS_OZONE_WL,1" [
"MOZ_ENABLE_WAYLAND,1" "NIXOS_OZONE_WL,1"
"_JAVA_AWT_WM_NONREPARENTING,1" "MOZ_ENABLE_WAYLAND,1"
"QT_WAYLAND_DISABLE_WINDOWDECORATION,1" "_JAVA_AWT_WM_NONREPARENTING,1"
"QT_QPA_PLATFORM,wayland" "QT_WAYLAND_DISABLE_WINDOWDECORATION,1"
"GDK_BACKEND,wayland" "QT_QPA_PLATFORM,wayland"
"WLR_DRM_NO_ATOMIC,1" # retest on newest nvidia driver "GDK_BACKEND,wayland"
"XDG_SESSION_TYPE,wayland" "WLR_DRM_NO_ATOMIC,1" # retest on newest nvidia driver
] ++ optionals "XDG_SESSION_TYPE,wayland"
(elem "nvidia" nixosConfig.services.xserver.videoDrivers) [ ]
++ optionals (elem "nvidia" nixosConfig.services.xserver.videoDrivers) [
# See https://wiki.hyprland.org/Nvidia/ # See https://wiki.hyprland.org/Nvidia/
"LIBVA_DRIVER_NAME,nvidia" "LIBVA_DRIVER_NAME,nvidia"
"GBM_BACKEND,nvidia-drm" "GBM_BACKEND,nvidia-drm"
@ -191,6 +214,7 @@ in {
#baldur #baldur
"immediate, class:^(steam_app_1086940)$" "immediate, class:^(steam_app_1086940)$"
"float, class:^(steam)$, title:^(Friends List)" "float, class:^(steam)$, title:^(Friends List)"
"float, class:^(steam)$, title:(Chat)"
"workspace 2,class:^(firefox)$" "workspace 2,class:^(firefox)$"
"workspace 3,class:^(thunderbird)$" "workspace 3,class:^(thunderbird)$"
"workspace 4,class:^(bottles)$" "workspace 4,class:^(bottles)$"
@ -205,9 +229,9 @@ in {
} }
(mkIf (nixosConfig.node.name == "desktopnix") { (mkIf (nixosConfig.node.name == "desktopnix") {
monitor = [ monitor = [
"DVI-D-1,preferred,0x-1080,1" "DVI-D-1,preferred,0x0,1"
"HDMI-A-1,preferred,0x0,1" "HDMI-A-1,preferred,0x1080,1"
"DP-3,2560x1440@144.00Hz,1920x-540,1" "DP-3,2560x1440@144.00Hz,1920x540,1"
# Thank you NVIDIA for this generous, free-of-charge, extra monitor that # Thank you NVIDIA for this generous, free-of-charge, extra monitor that
# doesn't exist and crashes yoru session sometimes when moving a window to it. # doesn't exist and crashes yoru session sometimes when moving a window to it.
"Unknown-1, disable" "Unknown-1, disable"
@ -223,7 +247,7 @@ in {
"8, monitor:HDMI-A-1, default: true" "8, monitor:HDMI-A-1, default: true"
"9, monitor:HDMI-A-1" "9, monitor:HDMI-A-1"
]; ];
env = [ "HYPRLAND_FLOAT_LOCATION,3800 -400" ]; env = [ "HYPRLAND_FLOAT_LOCATION,3800 680" ];
}) })
(mkIf (nixosConfig.node.name == "patricknix") { (mkIf (nixosConfig.node.name == "patricknix") {
monitor = [ monitor = [

81
users/common/programs/nvim/nixvim/plugins.nix
View file

@ -6,46 +6,49 @@
./plugins/neo-tree.nix ./plugins/neo-tree.nix
]; ];
programs.nixvim.plugins = { programs.nixvim.plugins = {
web-devicons.enable = true;
lualine = { lualine = {
enable = true; enable = true;
extensions = [ settings = {
"fzf" extensions = [
"nvim-dap-ui" "fzf"
"symbols-outline" "nvim-dap-ui"
"trouble" "symbols-outline"
"neo-tree" "trouble"
"quickfix" "neo-tree"
"fugitive" "quickfix"
]; "fugitive"
componentSeparators.left = "";
componentSeparators.right = "";
sectionSeparators.left = "";
sectionSeparators.right = "";
sections = {
lualine_a = [ "mode" ];
lualine_b = [
"branch"
"filename"
]; ];
lualine_c = [ component_separators.left = "";
"diff" component_separators.right = "";
"diagnostics" section_separators.left = "";
]; section_separators.right = "";
lualine_x = [ sections = {
"encoding" lualine_a = [ "mode" ];
"fileformat" lualine_b = [
"filetype" "branch"
]; "filename"
lualine_y = [ "progress" ]; ];
lualine_z = [ "location" ]; lualine_c = [
}; "diff"
inactiveSections = { "diagnostics"
lualine_a = [ "filename" ]; ];
lualine_b = [ ]; lualine_x = [
lualine_c = [ "diagnostics" ]; "encoding"
lualine_x = [ ]; "fileformat"
lualine_y = [ ]; "filetype"
lualine_z = [ "location" ]; ];
lualine_y = [ "progress" ];
lualine_z = [ "location" ];
};
inactiveSections = {
lualine_a = [ "filename" ];
lualine_b = [ ];
lualine_c = [ "diagnostics" ];
lualine_x = [ ];
lualine_y = [ ];
lualine_z = [ "location" ];
};
}; };
}; };
fugitive.enable = true; fugitive.enable = true;
@ -54,7 +57,7 @@
rainbow-delimiters.enable = true; rainbow-delimiters.enable = true;
rustaceanvim = { rustaceanvim = {
enable = true; enable = true;
settings.server.settings.files.excludeDirs = [ ".direnv" ]; settings.server.default_settings.files.excludeDirs = [ ".direnv" ];
}; };
indent-blankline = { indent-blankline = {
enable = true; enable = true;
@ -76,7 +79,7 @@
diffview.enable = true; diffview.enable = true;
treesitter = { treesitter = {
enable = true; enable = true;
indent = true; settings.indent.enable = true;
nixvimInjections = true; nixvimInjections = true;
}; };
#treesitter-context.enable = true; #treesitter-context.enable = true;

2
users/common/programs/nvim/nixvim/plugins/cmp.nix
View file

@ -2,7 +2,7 @@
programs.nixvim.plugins = { programs.nixvim.plugins = {
luasnip = { luasnip = {
enable = true; enable = true;
extraConfig = { settings = {
history = true; history = true;
# Update dynamic snippets while typing # Update dynamic snippets while typing
updateevents = "TextChanged,TextChangedI"; updateevents = "TextChanged,TextChangedI";

4
users/common/programs/nvim/nixvim/plugins/lsp.nix
View file

@ -49,8 +49,8 @@
pyright.enable = true; pyright.enable = true;
texlab.enable = true; texlab.enable = true;
ocamllsp.enable = true; ocamllsp.enable = true;
java-language-server.enable = true; java_language_server.enable = true;
nil-ls = { nil_ls = {
enable = true; enable = true;
settings = { settings = {
formatting.command = [ formatting.command = [

2
users/patrick/impermanence.nix
View file

@ -22,6 +22,8 @@
".config/google-chrome" ".config/google-chrome"
".cache/google-chrome" ".cache/google-chrome"
".config/Mullvad VPN"
# For nextcloud client install # For nextcloud client install
"Nextcloud" "Nextcloud"
".config/Nextcloud" ".config/Nextcloud"

2
users/patrick/patrick.nix
View file

@ -32,6 +32,8 @@
yt-dlp yt-dlp
hyperfine
figlet figlet
cowsay cowsay
cmatrix cmatrix