From c6deea451af1af2fdf4aee7f1ed74209f312a9b3 Mon Sep 17 00:00:00 2001 From: Fuwn Date: Tue, 3 Sep 2024 01:52:03 -0700 Subject: modules --- modules/services/default.nix | 6 ++ modules/services/openntpd.nix | 10 +++ modules/services/openssh.nix | 20 ++++++ modules/services/pia.nix | 3 +- modules/services/pipewire.nix | 152 +++++++++++++++++++++++++++++++++++++++ modules/services/wireplumber.nix | 42 +++++++++++ 6 files changed, 231 insertions(+), 2 deletions(-) create mode 100644 modules/services/openntpd.nix create mode 100644 modules/services/wireplumber.nix (limited to 'modules/services') diff --git a/modules/services/default.nix b/modules/services/default.nix index 38f4c42..5737d0c 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -5,10 +5,13 @@ ./dbus.nix ./fail2ban.nix ./libinput.nix + ./ollama.nix + ./openntpd.nix ./openssh.nix ./pia.nix ./pipewire.nix ./resolved.nix + # ./wireplumber.nix ./xserver.nix ]; @@ -18,5 +21,8 @@ fstrim.enable = true; gvfs.enable = true; udev.packages = with pkgs; [ pkgs.logitech-udev-rules ]; + thermald.enable = true; + chrony.enable = false; + timesyncd.enable = true; }; } diff --git a/modules/services/openntpd.nix b/modules/services/openntpd.nix new file mode 100644 index 0000000..ebd148d --- /dev/null +++ b/modules/services/openntpd.nix @@ -0,0 +1,10 @@ +{ + services.openntpd = { + enable = true; + + extraConfig = '' + listen on 127.0.0.1 + listen on ::1 + ''; + }; +} diff --git a/modules/services/openssh.nix b/modules/services/openssh.nix index d4926c1..b970945 100644 --- a/modules/services/openssh.nix +++ b/modules/services/openssh.nix @@ -3,5 +3,25 @@ enable = true; ports = [ 2222 ]; openFirewall = true; + + settings = { + UseDns = false; + X11Forwarding = false; + + KexAlgorithms = [ + "curve25519-sha256" + "curve25519-sha256@libssh.org" + "diffie-hellman-group16-sha512" + "diffie-hellman-group18-sha512" + "diffie-hellman-group-exchange-sha256" + "sntrup761x25519-sha512@openssh.com" + ]; + + Macs = [ + "hmac-sha2-512-etm@openssh.com" + "hmac-sha2-256-etm@openssh.com" + "umac-128-etm@openssh.com" + ]; + }; }; } diff --git a/modules/services/pia.nix b/modules/services/pia.nix index 405f0f1..d52dbf8 100644 --- a/modules/services/pia.nix +++ b/modules/services/pia.nix @@ -4,8 +4,7 @@ enable = true; authUserPass = { - username = secrets.pia.username; - password = secrets.pia.password; + inherit (secrets.pia) username password; }; }; } diff --git a/modules/services/pipewire.nix b/modules/services/pipewire.nix index 80a24ce..4506fbd 100644 --- a/modules/services/pipewire.nix +++ b/modules/services/pipewire.nix @@ -1,3 +1,15 @@ +{ lib, ... }: +let + inherit (lib.attrsets) mapAttrs; + inherit (lib.modules) mkBefore mkOptionDefault; + inherit (lib.lists) singleton; + inherit (builtins) toString; + + mapOptionDefault = mapAttrs (_: mkOptionDefault); + quantum = toString 64; + rate = toString 48000; + qr = "${quantum}/${rate}"; +in { services.pipewire = { enable = true; @@ -10,5 +22,145 @@ enable = true; support32Bit = true; }; + + extraConfig = { + pipewire = { + "10-logging" = { + "context.properties"."log.level" = 3; + }; + + # "10-defaults" = { + # "context.properties" = mapOptionDefault { + # "clock.power-of-two-quantum" = true; + # "core.daemon" = true; + # "core.name" = "pipewire-0"; + # "link.max-buffers" = 16; + # "settings.check-quantum" = true; + # }; + + # "context.spa-libs" = mapOptionDefault { + # "audio.convert.*" = "audioconvert/libspa-audioconvert"; + # "avb.*" = "avb/libspa-avb"; + # "api.alsa.*" = "alsa/libspa-alsa"; + # "api.v4l2.*" = "v4l2/libspa-v4l2"; + # "api.libcamera.*" = "libcamera/libspa-libcamera"; + # "api.bluez5.*" = "bluez5/libspa-bluez5"; + # "api.vulkan.*" = "vulkan/libspa-vulkan"; + # "api.jack.*" = "jack/libspa-jack"; + # "support.*" = "support/libspa-support"; + # "video.convert.*" = "videoconvert/libspa-videoconvert"; + # }; + # }; + }; + + # pipewire-pulse = { + # "10-defaults" = { + # "context.spa-libs" = mapOptionDefault { + # "audio.convert.*" = "audioconvert/libspa-audioconvert"; + # "support.*" = "support/libspa-support"; + # }; + + # "pulse.cmd" = mkBefore [ + # { + # cmd = "load-module"; + # args = "module-always-sink"; + # flags = [ ]; + # } + # ]; + + # "pulse.properties" = { + # "server.address" = mkBefore [ "unix:native" ]; + # }; + + # "pulse.rules" = mkBefore [ + # { + # matches = [ + # { "application.process.binary" = "teams"; } + # { "application.process.binary" = "teams-insiders"; } + # { "application.process.binary" = "skypeforlinux"; } + # ]; + + # actions.quirks = [ "force-s16-info" ]; + # } + # { + # matches = singleton { "application.process.binary" = "firefox"; }; + # actions.quirks = [ "remove-capture-dont-move" ]; + # } + # { + # matches = singleton { "application.name" = "~speech-dispatcher*"; }; + + # actions = { + # update-props = { + # "pulse.min.req" = "1024/48000"; # 21 milliseconds + # "pulse.min.quantum " = "1024/48000"; # 21 milliseconds + # }; + # }; + # } + # ]; + # }; + # }; + + # pipewire."92-low-latency" = { + # "context.properties" = { + # "default.clock.rate" = rate; + # "default.clock.quantum" = quantum; + # "default.clock.min-quantum" = quantum; + # "default.clock.max-quantum" = quantum; + # "default.clock.allowed-rates" = [ rate ]; + # }; + + # # "context.modules" = [ + # # { + # # name = "libpipewire-module-rtkit"; + + # # flags = [ + # # "ifexists" + # # "nofail" + # # ]; + + # # args = { + # # "nice.level" = -15; + # # "rt.prio" = 90; + # # "rt.time.soft" = 200000; + # # "rt.time.hard" = 200000; + # # }; + # # } + # # { + # # name = "libpipewire-module-protocol-pulse"; + + # # args = { + # # "server.address" = [ "unix:native" ]; + # # "pulse.min.quantum" = qr; + # # "pulse.min.req" = qr; + # # "pulse.min.frag" = qr; + # # }; + # # } + # # ]; + + # "stream.properties" = { + # "node.latency" = qr; + # "resample.quality" = 1; + # }; + # }; + + # pipewire-pulse."92-low-latency" = { + # "context.modules" = singleton { + # name = "libpipewire-module-protocol-pulse"; + + # args = { + # "pulse.min.req" = qr; + # "pulse.default.req" = qr; + # "pulse.max.req" = qr; + # "pulse.min.quantum" = qr; + # "pulse.max.quantum" = qr; + # }; + # }; + + # "stream.properties" = { + # "node.latency" = qr; + # "resample.quality" = 4; + # }; + # }; + }; }; } diff --git a/modules/services/wireplumber.nix b/modules/services/wireplumber.nix new file mode 100644 index 0000000..970396f --- /dev/null +++ b/modules/services/wireplumber.nix @@ -0,0 +1,42 @@ +let + rate = builtins.toString 48000; +in +{ + services.pipewire.wireplumber = { + enable = true; + + extraConfig = { + "10-log-level-debug" = { + "context.properties"."log.level" = "D"; + }; + + "10-default-volume" = { + "wireplumber.settings"."device.routes.default-sink-volume" = 1.0; + }; + + "92-low-latency" = { + "monitor.alsa.rules" = [ + { + matches = [ + { "device.name" = "~alsa_card.*"; } + { "node.name" = "~alsa_output.*"; } + ]; + + actions.update-props = { + "node.description" = "ALSA Low Latency Output"; + "audio.rate" = rate; + "audio.format" = "S32LE"; + "resample.quality" = 4; + "resample.disable" = false; + "session.suspend-timeout-seconds" = 0; + "api.alsa.period-size" = 2; + "api.alsa.headroom" = 128; + "api.alsa.period-num" = 2; + "api.alsa.disable-batch" = false; + }; + } + ]; + }; + }; + }; +} -- cgit v1.2.3