atridad/lavitz
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0e27305108a033b67da7e8c2b956a5e777237dc5
lavitz/modules/services.nix
Atridad Lahiji 0e27305108 1754190633
2025-08-02 21:10:33 -06:00

65 lines
2.7 KiB
Nix
Raw Blame History

{ config, pkgs, ... }:
{
# Enable the OpenSSH daemon
services.openssh.enable = true;
# Sleep configuration optimized for NVIDIA
systemd.sleep.extraConfig = ''
AllowSuspend=yes
AllowHibernation=no
AllowHybridSleep=no
AllowSuspendThenHibernate=no
'';
services.sunshine = {
enable = true;
autoStart = true;
capSysAdmin = true;
openFirewall = true;
package = pkgs.sunshine.override {
cudaSupport = true;
};
};
# Tailscale
services.tailscale.enable = true;
# Docker
virtualisation.docker.enable = true;
# Fwupd
services.fwupd.enable = true;
# udev
services.udev.extraRules = ''
# --- Rules for WebHID/WebUSB Permissions for Keychron Devices ---
# These rules aim to make ALL Keychron devices accessible to users in the 'plugdev' group,
# or the 'users' group, so browsers (running as that user) can potentially interact.
# This rule targets any Keychron device by its Vendor ID.
# It sets the group to 'plugdev' (or 'users') and grants read/write permissions.
#
# Considerations:
# 1. 'SUBSYSTEMS=="usb"': Matches devices within the USB subsystem, broad enough for WebUSB/WebHID.
# 2. 'ATTRS{idVendor}=="3434"': Specifically targets Keychron devices.
# 3. 'MODE="0660"': Grants read/write to owner (root) and group (plugdev/users).
# 4. 'GROUP="plugdev"': Assigns the 'plugdev' group. You might use 'users' or 'your-username-group'
# if 'plugdev' isn't suitable or doesn't exist on your system.
# The group used here must be one that your *browser's user process* is a member of.
#
# IMPORTANT: Do NOT use this rule for your primary system keyboard/mouse
# if you want to prevent web pages from *potentially* messing with them.
# For a general-purpose keyboard, the OS typically blacklists it from WebHID.
# This rule is most useful for custom peripherals or secondary devices.
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="3434", MODE="0660", GROUP="plugdev"
ACTION=="add", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="3434", MODE="0660", GROUP="plugdev"
# You might also include specific product IDs if you only want to grant access to certain Keychron models:
# ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="3434", ATTRS{idProduct}=="d030", MODE="0660", GROUP="plugdev"
# ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="3434", ATTRS{idProduct}=="0e20", MODE="0660", GROUP="plugdev"
# ACTION=="add", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="3434", ATTRS{idProduct}=="d030", MODE="0660", GROUP="plugdev"
# ACTION=="add", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="3434", ATTRS{idProduct}=="0e20", MODE="0660", GROUP="plugdev"
'';
}
Reference in New Issue View Git Blame Copy Permalink