steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: steveej:f986a8300db1068da4155a0d321caf6ab5891f78
Branches Tags
steveej:master
steveej:WIP-router0-nfmnk-tunnels
steveej:wip
steveej:wip-bpir3
steveej:pr_htz0
steveej:evolution_decsync
steveej:t14_relabel
steveej:t14_new_drive
steveej:srv0_drivechange
steveej:staging-steveej
steveej:pa600-unused
steveej:pr/odroidh2p-0
..
compare: steveej:e6c10aad010f84cc04a953f9e632d91d9fe73039
Branches Tags
steveej:master
steveej:WIP-router0-nfmnk-tunnels
steveej:wip
steveej:wip-bpir3
steveej:pr_htz0
steveej:evolution_decsync
steveej:t14_relabel
steveej:t14_new_drive
steveej:srv0_drivechange
steveej:staging-steveej
steveej:pa600-unused
steveej:pr/odroidh2p-0

5 commits
f986a8300d ... e6c10aad01

Author SHA1 Message Date
Stefan Junker
e6c10aad01 experiment with k3s + nix-snapshotter 2024-08-03 18:18:47 +02:00
Stefan Junker
186488456c steveej-x13s: re-enable syncthing and cleanup 2024-08-03 18:18:29 +02:00
Stefan Junker
c64db438a2 router0-dmz0: further wifi tweaking 
with these settings i did not get a single disconnect after 3-4 hours of testing.
 2024-08-03 18:16:07 +02:00
Stefan Junker
fa45a3a1e3 chromium: switch back to full chromium for extensions support 2024-08-03 18:16:07 +02:00
Stefan Junker
fd706db158 nix/os/devices/steveej-x13s: bump versions 2024-08-03 18:16:07 +02:00
5 changed files with 44 additions and 190 deletions
Download patch file Download diff file Expand all files Collapse all files

17
nix/home-manager/programs/chromium.nix
View file

@ -42,22 +42,29 @@
# unhook
{id = "khncfooichmfjbepaaaebmommgaepoid";}
# polkadotjs
{id = "mopnmbcafieddcagagdcbnhejhlodfdd";}
]
++ (lib.lists.optionals ((builtins.match "^steveej.*" name) != null) [
# polkadotjs
{id = "mopnmbcafieddcagagdcbnhejhlodfdd";}
# rabby wallet
{id = "acmacodkjbdgmoleebolmdjonilkdbch";}
# Vimium C
{id = "hfjbmagddngcpeloejdejnfgbamkjaeg";}
# always right
{id = "npjpaghfnndnnmjiliibnkmdfgbojokj";}
# shazam music
{id = "mmioliijnhnoblpgimnlajmefafdfilb";}
]);
in {
programs.chromium = {
enable = true;
inherit extensions;
package = pkgs.ungoogled-chromium;
# TODO: extensions currently don't work with ungoogled-chromium
package = pkgs.chromium;
};
programs.brave = {
@ -67,6 +74,4 @@ in {
&& !pkgs.stdenv.targetPlatform.isAarch64;
inherit extensions;
};
programs.browserpass = {browsers = ["chromium" "brave"];};
}

149
nix/os/devices/router0-dmz0/configuration.nix
View file

@ -909,7 +909,7 @@ in {
channel = 0; # 0 would mean Automatic Channel Selection
settings = {
# TODO: with 1 the x13s on windows can't connect, however this slows the AP down.
# TODO: this would be faster but x13s on windows can't connect when it's enabled.
# ieee80211n = 1;
# Exclude DFS channels from ACS
@ -921,6 +921,11 @@ in {
# indications of connection loss. This depends on the driver capabilities and
# may not be available with all drivers.
disassoc_low_ack = 0;
skip_inactivity_poll = 1;
# TODO: check if this is required. multicast can be more efficient so it'd be nice to disable this.
multicast_to_unicast = 1;
};
# use 'iw phy#1 info' to determine your VHT capabilities
@ -1038,7 +1043,8 @@ in {
wmm_enabled = 1;
# IEEE 802.11i (authentication) related configuration
# Encrypt management frames to protect against deauthentication and similar attacks
# Encrypt management frames to protect against deauthentication and similar attacks.
# 0 := disabled; 1 := optional; 2 := required
ieee80211w = 1;
# sae_require_mfp = 1;
# sae_groups = "19 20 21";
@ -1046,147 +1052,12 @@ in {
# [ENABLE-TLSv1.3] = enable TLSv1.3 (experimental - disabled by default)
tls_flags = "[ENABLE-TLSv1.3]";
ieee8021x = 1;
eap_server = 1;
multicast_to_unicast = 0;
skip_inactivity_poll = 0;
disassoc_low_ack = 0;
ieee8021x = 0;
eap_server = 0;
};
};
# wlan0-1 = {
# ssid = "mlsia-testing";
# authentication = {
# mode = "wpa3-sae-transition";
# };
# bssid = mkBssid 1;
# settings = {
# bridge = bridgeInterfaceName;
# };
# };
# wlan0-1 = {
# ssid = "justtestingwifi-wpa3";
# authentication = {
# mode = "wpa3-sae";
# saePasswordsFile = config.sops.secrets.wlan0_1_saePasswordFile.path;
# };
# bssid = mkBssid 1;
# settings = {
# bridge = bridgeInterfaceName;
# };
# };
# Uncomment when needed otherwise remove
# wlan0-1 = {
# ssid = "koteczkowo3";
# authentication = {
# mode = "none"; # this is overriden by settings
# };
# managementFrameProtection = "optional";
# bssid = "e6:02:43:07:00:00";
# settings = {
# bridge = bridgeInterfaceName;
# wpa = lib.mkForce 2;
# wpa_key_mgmt = "WPA-PSK";
# wpa_pairwise = "CCMP";
# wpa_psk_file = config.sops.secrets.legacyWifiPassword.path;
# };
# };
};
};
# wlan1 = {
# band = "5g";
# # channels with 160 MHz width in Poland: 36, 52, 100 i 116
# channel = 0; # ACS
# countryCode = "PL";
# # use 'iw phy#1 info' to determine your VHT capabilities
# wifi4 = {
# enable = true;
# capabilities = ["HT40+" "LDPC" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935"];
# };
# wifi5 = {
# enable = true;
# operatingChannelWidth = "160";
# capabilities = ["RXLDPC" "SHORT-GI-80" "SHORT-GI-160" "TX-STBC-2BY1" "SU-BEAMFORMER" "SU-BEAMFORMEE" "MU-BEAMFORMER" "MU-BEAMFORMEE" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "SOUNDING-DIMENSION-4" "BF-ANTENNA-4" "VHT160" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"];
# };
# wifi6 = {
# enable = true;
# singleUserBeamformer = true;
# singleUserBeamformee = true;
# multiUserBeamformer = true;
# operatingChannelWidth = "160";
# };
# settings = {
# # these two are mandatory for wifi 5 & 6 to work
# vht_oper_centr_freq_seg0_idx = 50;
# he_oper_centr_freq_seg0_idx = 50;
# # The "tx_queue_data2_burst" parameter in Linux refers to the burst size for
# # transmitting data packets from the second data queue of a network interface.
# # It determines the number of packets that can be sent in a burst.
# # Adjusting this parameter can impact network throughput and latency.
# tx_queue_data2_burst = 2;
# # The "he_bss_color" parameter in Wi-Fi 6 (802.11ax) refers to the BSS Color field in the HE (High Efficiency) MAC header.
# # BSS Color is a mechanism introduced in Wi-Fi 6 to mitigate interference and improve network efficiency in dense deployment scenarios.
# # It allows multiple overlapping Basic Service Sets (BSS) to differentiate and coexist in the same area without causing excessive interference.
# he_bss_color = 63; # was set to 128 by openwrt but range of possible values in 2.10 is 1-63
# # Magic values that were set by openwrt but I didn't bother inspecting every single one
# he_spr_sr_control = 3;
# he_default_pe_duration = 4;
# he_rts_threshold = 1023;
# he_mu_edca_qos_info_param_count = 0;
# he_mu_edca_qos_info_q_ack = 0;
# he_mu_edca_qos_info_queue_request = 0;
# he_mu_edca_qos_info_txop_request = 0;
# # he_mu_edca_ac_be_aci=0; missing in 2.10
# he_mu_edca_ac_be_aifsn = 8;
# he_mu_edca_ac_be_ecwmin = 9;
# he_mu_edca_ac_be_ecwmax = 10;
# he_mu_edca_ac_be_timer = 255;
# he_mu_edca_ac_bk_aifsn = 15;
# he_mu_edca_ac_bk_aci = 1;
# he_mu_edca_ac_bk_ecwmin = 9;
# he_mu_edca_ac_bk_ecwmax = 10;
# he_mu_edca_ac_bk_timer = 255;
# he_mu_edca_ac_vi_ecwmin = 5;
# he_mu_edca_ac_vi_ecwmax = 7;
# he_mu_edca_ac_vi_aifsn = 5;
# he_mu_edca_ac_vi_aci = 2;
# he_mu_edca_ac_vi_timer = 255;
# he_mu_edca_ac_vo_aifsn = 5;
# he_mu_edca_ac_vo_aci = 3;
# he_mu_edca_ac_vo_ecwmin = 5;
# he_mu_edca_ac_vo_ecwmax = 7;
# he_mu_edca_ac_vo_timer = 255;
# };
# networks = {
# wlan1 = {
# ssid = "koteczkowo5";
# authentication = {
# mode = "wpa3-sae";
# saePasswordsFile = config.sops.secrets.wifiPassword.path; # Use saePasswordsFile if possible.
# };
# bssid = "36:b9:02:21:08:a2";
# settings = {
# bridge = bridgeInterfaceName;
# };
# };
# };
# };
};
};

21
nix/os/devices/steveej-x13s/configuration.nix
View file

@ -156,6 +156,7 @@
../../snippets/holo-zerotier.nix
# experiment with k3s, nix-snapshotter, and nixos images
{
# (1) Import nixos module.
imports = [
@ -218,8 +219,6 @@
../../../home-manager/configuration/graphical-fullblown.nix
];
services.syncthing.enable = lib.mkForce false;
home.sessionVariables = {};
home.packages = with pkgs; [
@ -227,7 +226,6 @@
# TODO: currently unsupported
services.gammastep.enable = lib.mkForce false;
# programs.chromium.enable = lib.mkForce false;
};
boot = {
@ -235,23 +233,6 @@
loader.efi.canTouchEfiVariables = lib.mkForce false;
loader.efi.efiSysMountPoint = "/boot";
blacklistedKernelModules = ["wwan"];
# kernelParams = let
# dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb";
# in lib.mkForce [
# # needed to boot
# "dtb=${dtbName}"
# # jhovold recommended
# "efi=noruntime"
# "clk_ignore_unused"
# "pd_ignore_unused"
# # "regulator_ignore_unused"
# "arm64.nopauth"
# # blacklist graphics in initrd so the firmware can load from disk
# "rd.driver.blacklist=msm"
# ];
};
hardware.firmware = lib.mkBefore [

44
nix/os/devices/steveej-x13s/flake.lock generated
View file

@ -44,11 +44,11 @@
]
},
"locked": {
"lastModified": 1721266288,
"narHash": "sha256-MsyTzXu9CJVcBr44ct8ILKF/Ro7VlF+tVZTylzAoXSs=",
"lastModified": 1722476845,
"narHash": "sha256-7gZ8uf3qOox8Vrwd+p9EhUHHLhhK8lis/5KcXGmIaow=",
"owner": "nix-community",
"repo": "disko",
"rev": "e8e8d9a3a9c1d0e654ccda7834bf0288a9d15c47",
"rev": "7e1b215a0a96efb306ad6440bf706d2b307dc267",
"type": "github"
},
"original": {
@ -181,11 +181,11 @@
"mobile-nixos": {
"flake": false,
"locked": {
"lastModified": 1721250279,
"narHash": "sha256-S47+MFnArDvR7OFCXU0BQoyLCBwSZws+t+bany7Ol6w=",
"lastModified": 1722056346,
"narHash": "sha256-50fcuCppaLMfSOTFO4IkCBs4folToCwlhTgc6IdZFHg=",
"owner": "NixOS",
"repo": "mobile-nixos",
"rev": "472073a51745cca03257cf625582252cdd04ec21",
"rev": "717ce90cfadffa449480bae2e155185c651e9993",
"type": "github"
},
"original": {
@ -203,11 +203,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1721210676,
"narHash": "sha256-6hwlFcRPbfW+tOrKnnx3AL/yWjXqkXHoiIpbFsPMEAg=",
"lastModified": 1722421086,
"narHash": "sha256-Po8GvfDt4O646w1IDIcRdiRIxnqVLv/OwBhr5nOazLw=",
"owner": "threefoldtech",
"repo": "mycelium",
"rev": "767060eb8bd5abcc8e375bdb8f0984bcb27936da",
"rev": "e4d7be8556b259a2204f19d6a0537da3aa7d7a3e",
"type": "github"
},
"original": {
@ -259,11 +259,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1721131656,
"narHash": "sha256-0EoouVAaS8GHZJitpzQ9S4s4Gps4hkzr8yQcgYkLxwo=",
"lastModified": 1722396240,
"narHash": "sha256-t4C/I1CttOGFLYzzjd6zNOPvPleykqbPwO0YT19S6jI=",
"ref": "refs/heads/main",
"rev": "f1a2bace41471300aa2b0c5c98e6e37087532e16",
"revCount": 91,
"rev": "a59ae21e47538cecddadc220ea16a7b8e2485f66",
"revCount": 97,
"type": "git",
"url": "https://codeberg.org/adamcstephens/nixos-x13s"
},
@ -302,11 +302,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1720957393,
"narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=",
"lastModified": 1722421184,
"narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "693bc46d169f5af9c992095736e82c3488bf7dbb",
"rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58",
"type": "github"
},
"original": {
@ -318,11 +318,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1720957393,
"narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=",
"lastModified": 1722062969,
"narHash": "sha256-QOS0ykELUmPbrrUGmegAUlpmUFznDQeR4q7rFhl8eQg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "693bc46d169f5af9c992095736e82c3488bf7dbb",
"rev": "b73c2221a46c13557b1b3be9c2070cc42cf01eb3",
"type": "github"
},
"original": {
@ -334,11 +334,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1720954236,
"narHash": "sha256-1mEKHp4m9brvfQ0rjCca8P1WHpymK3TOr3v34ydv9bs=",
"lastModified": 1722372011,
"narHash": "sha256-B2xRiC3NEJy/82ugtareBkRqEkPGpMyjaLxaR8LBxNs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "53e81e790209e41f0c1efa9ff26ff2fd7ab35e27",
"rev": "cf05eeada35e122770c5c14add958790fcfcbef5",
"type": "github"
},
"original": {

3
nix/os/devices/steveej-x13s/flake.nix
View file

@ -9,9 +9,6 @@
disko.inputs.nixpkgs.follows = "nixpkgs";
mobile-nixos.url = "github:NixOS/mobile-nixos";
mobile-nixos.flake = false;
home-manager = {
url = "github:nix-community/home-manager/release-24.05";
inputs.nixpkgs.follows = "nixpkgs";