From 1518f7007b73652af0bb2f1bbe427509fe8228b5 Mon Sep 17 00:00:00 2001 
From: Aleksandr Date: Tue, 17 Dec 2024 00:22:23 +0300 Subject: [PATCH] Initial commit --- .sops.yaml | 8 + flake.lock | 704 ++++++++++++++++++ flake.nix | 54 ++ lil-maid/default.nix | 54 ++ lil-maid/fs.nix | 22 + lil-maid/hw.nix | 47 ++ lil-maid/modules/boot.nix | 4 + lil-maid/modules/default.nix | 12 + lil-maid/modules/firewall.nix | 5 + lil-maid/modules/fonts.nix | 6 + lil-maid/modules/net.nix | 22 + lil-maid/modules/social.nix | 16 + lil-maid/modules/stash.nix | 50 ++ lil-maid/modules/steam.nix | 15 + m/default.nix | 16 + m/firefox.nix | 13 + m/home/default.nix | 18 + m/home/helix/default.nix | 28 + m/home/helix/langs/default.nix | 15 + m/home/helix/langs/nix.nix | 15 + m/home/helix/nigger.toml | 2 + m/home/helix/themes/sonokai/default.nix | 179 +++++ .../themes/sonokai/palettes/andromeda.nix | 25 + m/home/nero/default.nix | 81 ++ m/hypr.nix | 34 + m/kde.nix | 18 + m/masters/default.nix | 7 + m/masters/nero.nix | 37 + m/rust.nix | 27 + m/sddm.nix | 17 + m/signal.nix | 3 + m/sops.nix | 28 + m/sys.nix | 68 ++ m/unfree.nix | 14 + m/vpn/default.nix | 5 + m/vpn/hft.nix | 39 + secrets/users.yaml | 23 + secrets/viendesu.yaml | 24 + secrets/work.yaml | 24 + 39 files changed, 1779 insertions(+) create mode 100644 .sops.yaml create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 lil-maid/default.nix create mode 100644 lil-maid/fs.nix create mode 100644 lil-maid/hw.nix create mode 100644 lil-maid/modules/boot.nix create mode 100644 lil-maid/modules/default.nix create mode 100644 lil-maid/modules/firewall.nix create mode 100644 lil-maid/modules/fonts.nix create mode 100644 lil-maid/modules/net.nix create mode 100644 lil-maid/modules/social.nix create mode 100644 lil-maid/modules/stash.nix create mode 100644 lil-maid/modules/steam.nix create mode 100644 m/default.nix create mode 100644 m/firefox.nix create mode 100644 m/home/default.nix create mode 100644 m/home/helix/default.nix create mode 100644 m/home/helix/langs/default.nix create mode 100644 
m/home/helix/langs/nix.nix create mode 100644 m/home/helix/nigger.toml create mode 100644 m/home/helix/themes/sonokai/default.nix create mode 100644 m/home/helix/themes/sonokai/palettes/andromeda.nix create mode 100644 m/home/nero/default.nix create mode 100644 m/hypr.nix create mode 100644 m/kde.nix create mode 100644 m/masters/default.nix create mode 100644 m/masters/nero.nix create mode 100644 m/rust.nix create mode 100644 m/sddm.nix create mode 100644 m/signal.nix create mode 100644 m/sops.nix create mode 100644 m/sys.nix create mode 100644 m/unfree.nix create mode 100644 m/vpn/default.nix create mode 100644 m/vpn/hft.nix create mode 100644 secrets/users.yaml create mode 100644 secrets/viendesu.yaml create mode 100644 secrets/work.yaml diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..0527d0e --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,8 @@ +keys: + - &master age1emnd8nmqzfzeavkzcsk3drn65xky22af6r5wxwvm2k067kkt4adsqxyv2u + +creation_rules: + - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - age: + - *master diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..d27287c --- /dev/null +++ b/flake.lock 
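Review bot: `keys` lists a single age recipient, `&master`, and the only creation rule encrypts every matching file under `secrets/` to that one key. If that key is lost or has to be revoked, the three `secrets/*.yaml` files added by this commit have no other recipient that can decrypt or re-encrypt them. Consider adding a second, offline recovery recipient, e.g. `- &recovery <second age public key>` under `keys` and `- *recovery` in the `age` list, and document where the master private key is stored.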
@@ -0,0 +1,704 @@ +{ + "nodes": { + "aquamarine": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1731774881, + "narHash": "sha256-1Dxryiw8u2ejntxrrv3sMtIE8WHKxmlN4KeH+uMGbmc=", + "owner": "hyprwm", + "repo": "aquamarine", + "rev": "b31a6a4da8199ae3489057db7d36069a70749a56", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "aquamarine", + "type": "github" + } + }, + "fenix": { + "inputs": { + "nixpkgs": "nixpkgs", + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1731738660, + "narHash": "sha256-tIXhc9lX1b030v812yVJanSR37OnpTb/OY5rU3TbShA=", + "owner": "nix-community", + "repo": "fenix", + "rev": "e10ba121773f754a30d31b6163919a3e404a434f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": 
"flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "freetype2": { + "flake": false, + "locked": { + "lastModified": 1687587065, + "narHash": "sha256-+Fh+/k+NWL5Ow9sDLtp8Cv/8rLNA1oByQQCIQS/bysY=", + "owner": "wez", + "repo": "freetype2", + "rev": "e4586d960f339cf75e2e0b34aee30a0ed8353c0d", + "type": "github" + }, + "original": { + "owner": "wez", + "repo": "freetype2", + "rev": "e4586d960f339cf75e2e0b34aee30a0ed8353c0d", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "hyprland", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "harfbuzz": { + "flake": false, + "locked": { + "lastModified": 1711722720, + "narHash": "sha256-GdxcAPx5QyniSHPAN1ih28AD9JLUPR0ItqW9JEsl3pU=", + "owner": "harfbuzz", + "repo": "harfbuzz", + "rev": "63973005bc07aba599b47fdd4cf788647b601ccd", + "type": "github" + }, + "original": { + "owner": "harfbuzz", + "ref": "8.4.0", + "repo": "harfbuzz", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1731832479, + "narHash": "sha256-icDDuYwJ0avTMZTxe1qyU/Baht5JOqw4pb5mWpR+hT0=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "5056a1cf0ce7c2a08ab50713b6c4af77975f6111", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "hyprcursor": { + "inputs": { + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + 
"locked": { + "lastModified": 1728669738, + "narHash": "sha256-EDNAU9AYcx8OupUzbTbWE1d3HYdeG0wO6Msg3iL1muk=", + "owner": "hyprwm", + "repo": "hyprcursor", + "rev": "0264e698149fcb857a66a53018157b41f8d97bb0", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprcursor", + "type": "github" + } + }, + "hyprland": { + "inputs": { + "aquamarine": "aquamarine", + "hyprcursor": "hyprcursor", + "hyprland-protocols": "hyprland-protocols", + "hyprlang": "hyprlang", + "hyprutils": "hyprutils", + "hyprwayland-scanner": "hyprwayland-scanner", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks": "pre-commit-hooks", + "systems": "systems", + "xdph": "xdph" + }, + "locked": { + "lastModified": 1731799110, + "narHash": "sha256-wwFbcWfVYGwemw/GeSdXrSXmNjjdTUw0N8DU8McyZU8=", + "ref": "refs/heads/main", + "rev": "af83c825138386d269d69b3ef755b844a2eacb22", + "revCount": 5462, + "submodules": true, + "type": "git", + "url": "https://github.com/hyprwm/Hyprland" + }, + "original": { + "submodules": true, + "type": "git", + "url": "https://github.com/hyprwm/Hyprland" + } + }, + "hyprland-protocols": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1728345020, + "narHash": "sha256-xGbkc7U/Roe0/Cv3iKlzijIaFBNguasI31ynL2IlEoM=", + "owner": "hyprwm", + "repo": "hyprland-protocols", + "rev": "a7c183800e74f337753de186522b9017a07a8cee", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-protocols", + "type": "github" + } + }, + "hyprlang": { + "inputs": { + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1728168612, + "narHash": "sha256-AnB1KfiXINmuiW7BALYrKqcjCnsLZPifhb/7BsfPbns=", + "owner": "hyprwm", + "repo": "hyprlang", + "rev": "f054f2e44d6a0b74607a6bc0f52dba337a3db38e", + "type": "github" + }, + "original": { + 
"owner": "hyprwm", + "repo": "hyprlang", + "type": "github" + } + }, + "hyprutils": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1731702627, + "narHash": "sha256-+JeO9gevnXannQxMfR5xzZtF4sYmSlWkX/BPmPx0mWk=", + "owner": "hyprwm", + "repo": "hyprutils", + "rev": "e911361a687753bbbdfe3b6a9eab755ecaf1d9e1", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprutils", + "type": "github" + } + }, + "hyprwayland-scanner": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1726874836, + "narHash": "sha256-VKR0sf0PSNCB0wPHVKSAn41mCNVCnegWmgkrneKDhHM=", + "owner": "hyprwm", + "repo": "hyprwayland-scanner", + "rev": "500c81a9e1a76760371049a8d99e008ea77aa59e", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprwayland-scanner", + "type": "github" + } + }, + "libpng": { + "flake": false, + "locked": { + "lastModified": 1549245649, + "narHash": "sha256-1+cRp0Ungme/OGfc9kGJbklYIWAFxk8Il1M+NV4KSgw=", + "owner": "glennrp", + "repo": "libpng", + "rev": "8439534daa1d3a5705ba92e653eda9251246dd61", + "type": "github" + }, + "original": { + "owner": "glennrp", + "repo": "libpng", + "rev": "8439534daa1d3a5705ba92e653eda9251246dd61", + "type": "github" + } + }, + "naersk": { + "inputs": { + "nixpkgs": [ + "vnj", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1721727458, + "narHash": "sha256-r/xppY958gmZ4oTfLiHN0ZGuQ+RSTijDblVgVLFi1mw=", + "owner": "nix-community", + "repo": "naersk", + "rev": "3fb418eaf352498f6b6c30592e3beb63df42ef11", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "naersk", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1731319897, + "narHash": "sha256-PbABj4tnbWFMfBp6OcUK5iGy1QY+/Z96ZcLpooIbuEI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": 
"dc460ec76cbff0e66e269457d7b728432263166c", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1731845251, + "narHash": "sha256-hsVSCCrPkQ0cZkgX9P4vKYQRkrjSlkSg5cZa7Fe5FgA=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "37debf5e7dd392e78a41385f45e385c84ab37d21", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "release-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1731363552, + "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "fenix": "fenix", + "home-manager": "home-manager", + "hyprland": "hyprland", + "nixpkgs": "nixpkgs_2", + "sops-nix": "sops-nix", + "vnj": "vnj", + "wezterm": "wezterm" + } + }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1731693936, + "narHash": "sha256-uHUUS1WPyW6ohp5Bt3dAZczUlQ22vOn7YZF8vaPKIEw=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "1b90e979aeee8d1db7fe14603a00834052505497", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + 
"type": "github" + } + }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "vnj", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1731820690, + "narHash": "sha256-/hHFMTD+FGURXZ4JtfXoIgpy87zL505pVi6AL76Wc+U=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "bbab2ab9e1932133b1996baa1dc00fefe924ca81", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_2": { + "inputs": { + "nixpkgs": [ + "wezterm", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729477859, + "narHash": "sha256-r0VyeJxy4O4CgTB/PNtfQft9fPfN1VuGvnZiCxDArvg=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "ada8266712449c4c0e6ee6fcbc442b3c217c79e1", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1731850885, + "narHash": "sha256-V5eA7YtZwUnjtDK8hHoiXB17hBKZ+L6kpgR0UxKehtQ=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "793c07f331a831e4321038e3e8ac2e503167af8b", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + 
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "vnj": { + "inputs": { + "flake-utils": "flake-utils", + "naersk": "naersk", + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1731858195, + "narHash": "sha256-edyX7iTnoDU+fjLlNxFZL/iKW8tu6sPjm22beH0NbUM=", + "ref": "refs/heads/master", + "rev": "f67dcd8f2a86c44ce01ee6fe0ee394b52e7ebb98", + "revCount": 1, + "type": "git", + "url": "https://git.viende.su/VienDesu/vnj.git" + }, + "original": { + "type": "git", + "url": "https://git.viende.su/VienDesu/vnj.git" + } + }, + "wezterm": { + "inputs": { + "flake-utils": "flake-utils_2", + "freetype2": "freetype2", + "harfbuzz": "harfbuzz", + "libpng": "libpng", + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": "rust-overlay_2", + "zlib": "zlib" + }, + "locked": { + "dir": "nix", + "lastModified": 1731625276, + "narHash": "sha256-NbgX4nfGJYFflQauJZMTJrpgTD5oY3hgs+KNE3JJgSc=", + "owner": "wez", + "repo": "wezterm", + "rev": "979df7826965348345a3305ed889a4b9aef838e1", + "type": "github" + }, + "original": { + "dir": "nix", + "owner": "wez", + "repo": "wezterm", + "type": "github" + } + }, + "xdph": { + "inputs": { + "hyprland-protocols": [ + "hyprland", + "hyprland-protocols" + ], + "hyprlang": [ + "hyprland", + "hyprlang" + ], + "hyprutils": [ + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "hyprland", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1731703417, + "narHash": "sha256-rheDc/7C+yI+QspYr9J2z9kQ5P9F4ATapI7qyFAe1XA=", + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "rev": "8070f36deec723de71e7557441acb17e478204d3", + "type": "github" + }, + 
"original": { + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "type": "github" + } + }, + "zlib": { + "flake": false, + "locked": { + "lastModified": 1484501380, + "narHash": "sha256-j5b6aki1ztrzfCqu8y729sPar8GpyQWIrajdzpJC+ww=", + "owner": "madler", + "repo": "zlib", + "rev": "cacf7f1d4e3d44d871b605da3b647f07d718623f", + "type": "github" + }, + "original": { + "owner": "madler", + "ref": "v1.2.11", + "repo": "zlib", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..eb88b7a --- /dev/null +++ b/flake.nix @@ -0,0 +1,54 @@ +{ + description = "Nero"; + + inputs = { + nixpkgs.url = "github:nixos/nixpkgs?ref=release-24.11"; + vnj = { + url = "git+https://git.viende.su/VienDesu/vnj.git"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + fenix.url = "github:nix-community/fenix"; + + hyprland = { + url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + wezterm = { + url = "github:wez/wezterm?dir=nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = { + nixpkgs, + sops-nix, + home-manager, + ... + }@inputs: { + nixosConfigurations.lil-maid = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + + modules = [ + sops-nix.nixosModules.sops + home-manager.nixosModules.home-manager + + ./m + ./lil-maid + ]; + + specialArgs = { + inherit inputs; + }; + }; + }; +} diff --git a/lil-maid/default.nix b/lil-maid/default.nix new file mode 100644 index 0000000..db7c6a7 --- /dev/null +++ b/lil-maid/default.nix 
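Review bot: `fenix.url` is the only flake input here declared without `inputs.nixpkgs.follows = "nixpkgs"`, and flake.lock in this commit accordingly carries an extra `nixpkgs` node pinned to `nixos-unstable` beside the root `release-24.11` one. Unless that extra copy is intentional, add `fenix.inputs.nixpkgs.follows = "nixpkgs";` so the system is built and audited against a single nixpkgs revision. `home-manager` also tracks its default branch while nixpkgs is pinned to a release branch; whether a matching release ref is wanted is worth confirming.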
@@ -0,0 +1,54 @@
+{
+ programs.bash.shellAliases = {
+ e = "emacs -nw";
+ };
+ maid = {
+ sys = {
+ enable = true;
+ hostname = "lil-maid";
+
+ bluetooth.enable = true;
+ };
+ masters.nero.enable = true;
+
+ sops = {
+ enable = true;
+
+ viendesu.enable = true;
+ work.enable = true;
+ };
+
+ sddm.enable = true;
+ hm.enable = true;
+ hypr.enable = true;
+ # kde.enable = true;
+
+ rust.enable = true;
+
+ firefox.enable = true;
+ vpn.hft.enable = true;
+
+ unfree = [
+ "obsidian"
+ "slack"
+ "discord"
+ "terraform"
+ "yandex-cloud"
+
+ "steam"
+ "steam-original"
+ "steam-unwrapped"
+ "steam-run"
+ "xow_dongle-firmware"
+ ];
+ };
+
+ imports = [
+ ./modules
+
+ ./hw.nix
+ ./fs.nix
+ ];
+
+ system.stateVersion = "24.05";
+}
diff --git a/lil-maid/fs.nix b/lil-maid/fs.nix
new file mode 100644
index 0000000..8192311
--- /dev/null
+++ b/lil-maid/fs.nix
@@ -0,0 +1,22 @@
+{
+ fileSystems = {
+ "/" =
+ { device = "/dev/disk/by-label/nixos";
+ fsType = "btrfs";
+ };
+ "/boot" =
+ { device = "/dev/disk/by-label/boot";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+ "/secrets" =
+ { device = "/dev/disk/by-label/secrets";
+ fsType = "btrfs";
+ options = [ "nofail" ];
+ };
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-label/swap"; }
+ ];
+}
diff --git a/lil-maid/hw.nix b/lil-maid/hw.nix
new file mode 100644
index 0000000..bca3ae0
--- /dev/null
+++ b/lil-maid/hw.nix
@@ -0,0 +1,47 @@
+{ pkgs, config, lib, modulesPath, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ # Brightness control for display.
+ brightnessctl
+ ];
+
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ systemd.tmpfiles.settings = {
+ "10-secrets" = {
+ "/secrets".v = {
+ user = "nero";
+ mode = "0760";
+ };
+ };
+ };
+
+ services.blueman.enable = true;
+
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ boot.kernelModules = [ "btusb" "kvm-amd" ];
+
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ "amdgpu" ];
+ boot.extraModulePackages = [ ];
+
+ networking.useDHCP = lib.mkDefault true;
+
+ hardware.graphics = {
+ enable = true;
+ enable32Bit = true;
+
+ extraPackages = with pkgs; [
+ amdvlk
+ ];
+ extraPackages32 = with pkgs; [
+ driversi686Linux.amdvlk
+ ];
+ };
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.enableRedistributableFirmware = true;
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/lil-maid/modules/boot.nix b/lil-maid/modules/boot.nix
new file mode 100644
index 0000000..d39e4ca
--- /dev/null
+++ b/lil-maid/modules/boot.nix
@@ -0,0 +1,4 @@
+{
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+}
diff --git a/lil-maid/modules/default.nix b/lil-maid/modules/default.nix
new file mode 100644
index 0000000..9341eb9
--- /dev/null
+++ b/lil-maid/modules/default.nix
@@ -0,0 +1,12 @@
+{
+ imports = [
+ ./net.nix
+ ./firewall.nix
+ ./boot.nix
+ ./steam.nix
+ ./fonts.nix
+ ./social.nix
+ ./stash.nix
+ ./net.nix
+ ];
+}
diff --git a/lil-maid/modules/firewall.nix b/lil-maid/modules/firewall.nix
new file mode 100644
index 0000000..1929c6b
--- /dev/null
+++ b/lil-maid/modules/firewall.nix
@@ -0,0 +1,5 @@
+{
+ networking.firewall = {
+ enable = false;
+ };
+}
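Review bot: The tmpfiles rule for `/secrets` sets `mode = "0760"`, which grants the directory's group read and write but no search bit, and it sets no `group`, so group ownership is left to the tmpfiles default. If the directory holds key material, as its name suggests, an owner-only mode states the intent more clearly: `mode = "0700";`. Because fs.nix mounts `/secrets` with `nofail`, this rule presumably also applies to the bare mount point on the root filesystem when the labelled partition is missing; a one-line comment saying which case is expected would help the next reader.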
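Review bot: `networking.firewall.enable = false;` switches off the host packet filter on a machine that, in the same commit, enables Docker and a `vnj` instance bound to `0.0.0.0:1337` (modules/stash.nix), so every listening service is reachable from whatever network the host joins. Prefer keeping the firewall on and opening only what is needed, e.g. `networking.firewall = { enable = true; allowedTCPPorts = [ ]; };`. If the disablement is a deliberate temporary workaround, say so in a comment next to the option.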
diff --git a/lil-maid/modules/fonts.nix b/lil-maid/modules/fonts.nix
new file mode 100644
index 0000000..f3cd07f
--- /dev/null
+++ b/lil-maid/modules/fonts.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+ fonts.packages = with pkgs; [
+ nerdfonts
+ ];
+}
diff --git a/lil-maid/modules/net.nix b/lil-maid/modules/net.nix
new file mode 100644
index 0000000..e5f7a8a
--- /dev/null
+++ b/lil-maid/modules/net.nix
@@ -0,0 +1,22 @@
+{
+ networking.networkmanager.enable = true;
+ services.ivpn.enable = true;
+
+ # services.zapret = {
+ # enable = true;
+ # params = [
+ # "--wf-tcp=443"
+ # "--wf-udp=443,50000-65535"
+ # "--dpi-desync=fake,split"
+ # "--dpi-desync-repeats=3"
+ # "--dpi-desync-udplen-increment=12"
+ # "--dpi-desync-udplen-pattern=0xF00F"
+ # "--dpi-desync-fake-quic=${./zapret/quic_initial_www_google_com.bin}"
+ # "--dpi-desync-any-protocol"
+ # "--dpi-desync-cutoff=d3"
+ # "--dpi-desync-autottl=2"
+ # "--dpi-desync-fooling=badseq"
+ # "--dpi-desync-fake-tls=${./zapret/tls_clienthello_www_google_com.bin}"
+ # ];
+ # };
+}
diff --git a/lil-maid/modules/social.nix b/lil-maid/modules/social.nix
new file mode 100644
index 0000000..11486aa
--- /dev/null
+++ b/lil-maid/modules/social.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ # Slack
+ slack
+
+ # Telegram
+ telegram-desktop
+
+ # # Discord
+ # (discord.override {
+ # withOpenASAR = true;
+ # withVencord = true;
+ # })
+ ];
+}
diff --git a/lil-maid/modules/stash.nix b/lil-maid/modules/stash.nix
new file mode 100644
index 0000000..4843eb7
--- /dev/null
+++ b/lil-maid/modules/stash.nix
@@ -0,0 +1,50 @@
+{ pkgs, inputs, ... }:
+{
+ imports = [ inputs.vnj.nixosModules.x86_64-linux.default ];
+ programs.adb.enable = true;
+
+ services.vnj =
+ let
+ mkCfg = port: {
+ app = {
+ secret = "1337";
+ log_level = "debug";
+ journal = "/home/nero/vnj";
+ };
+
+ http.listen = "0.0.0.0:${builtins.toString port}";
+ };
+ in
+ {
+ enable = true;
+ user = "nero";
+ instances = {
+ ru = mkCfg 1337;
+ };
+ };
+
+ virtualisation.docker.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ obsidian
+ git
+ # element-desktop
+ # monero-gui
+ emacs
+ fd
+ ripgrep
+ signal-desktop
+ terraform
+ pavucontrol
+ vlc
+ wine
+ winetricks
+ yandex-cloud
+ qbittorrent
+ ];
+
+ fonts.packages = with pkgs; [
+ fira-code
+ fira-code-symbols
+ ];
+}
diff --git a/lil-maid/modules/steam.nix b/lil-maid/modules/steam.nix
new file mode 100644
index 0000000..256fd46
--- /dev/null
+++ b/lil-maid/modules/steam.nix
@@ -0,0 +1,15 @@
+{
+ programs = {
+ gamescope = {
+ enable = true;
+ capSysNice = true;
+ };
+
+ steam = {
+ enable = true;
+ gamescopeSession.enable = true;
+ };
+ };
+
+ hardware.xone.enable = true;
+}
diff --git a/m/default.nix b/m/default.nix
new file mode 100644
index 0000000..93c7182
--- /dev/null
+++ b/m/default.nix
@@ -0,0 +1,16 @@
+{
+ imports = [
+ ./sddm.nix
+ ./sops.nix
+ ./hypr.nix
+ ./kde.nix
+ ./sys.nix
+ ./unfree.nix
+ ./firefox.nix
+ ./home
+ ./vpn
+ ./rust.nix
+
+ ./masters
+ ];
+}
diff --git a/m/firefox.nix b/m/firefox.nix
new file mode 100644
index 0000000..fd093ae
--- /dev/null
+++ b/m/firefox.nix
@@ -0,0 +1,13 @@
+{ config, lib, ... }:
+let
+ firefox = config.maid.firefox;
+in
+{
+ options.maid.firefox = {
+ enable = lib.mkEnableOption "firefox";
+ };
+
+ config.programs.firefox = lib.mkIf firefox.enable {
+ enable = true;
+ };
+}
diff --git a/m/home/default.nix b/m/home/default.nix
new file mode 100644
index 0000000..e98c173
--- /dev/null
+++ b/m/home/default.nix
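Review bot: `secret = "1337";` in `mkCfg` is a hard-coded, guessable value committed in clear text, and it is presumably rendered into the world-readable Nix store, even though this commit sets up sops-nix for exactly this kind of value. The same instance listens on `0.0.0.0` with `log_level = "debug"`, and modules/firewall.nix disables the firewall, so the service is exposed on every interface. Bind to loopback unless remote access is required, `http.listen = "127.0.0.1:${builtins.toString port}";`, and supply the secret from a sops-managed file if the vnj module offers a file-based option (its options are not visible in this patch).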
@@ -0,0 +1,18 @@
+{ inputs, config, lib, ... }:
+let
+ hm = config.maid.hm;
+ masters = config.maid.masters;
+in
+{
+ options.maid.hm = {
+ enable = lib.mkEnableOption "home-manager";
+ };
+
+ config.home-manager = lib.mkIf hm.enable {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+
+ extraSpecialArgs = { inherit inputs; };
+ users.nero = lib.mkIf masters.nero.enable (import ./nero);
+ };
+}
diff --git a/m/home/helix/default.nix b/m/home/helix/default.nix
new file mode 100644
index 0000000..200e7c1
--- /dev/null
+++ b/m/home/helix/default.nix
@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+let
+ sonokai = import themes/sonokai;
+ langs = (import ./langs) pkgs;
+in
+{
+ programs.helix = {
+ enable = true;
+
+ settings = {
+ theme = "sonokai-andromeda";
+ editor.cursor-shape = {
+ normal = "block";
+ insert = "bar";
+ select = "underline";
+ };
+ };
+
+ languages = {
+ language-server.rust-analyzer.config = {
+ rust.analyzerTargetDir = true;
+ };
+ };
+ themes = {
+ sonokai-andromeda = sonokai "andromeda";
+ };
+ };
+}
diff --git a/m/home/helix/langs/default.nix b/m/home/helix/langs/default.nix
new file mode 100644
index 0000000..c309441
--- /dev/null
+++ b/m/home/helix/langs/default.nix
@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+rec {
+ use = name: (import ./${"${name}.nix"}) pkgs;
+ combine = lhs: rhs: {
+ lsp = (lhs.lsp or {}) // (rhs.lsp or {});
+ entries = (lhs.entries or []) ++ (rhs.entries or []);
+ };
+
+ intoHelixFormat = cfg: {
+ language-server = cfg.lsp;
+ language = cfg.entries;
+ };
+ useMany = langs: builtins.foldl' combine {} (map use langs);
+}
+
diff --git a/m/home/helix/langs/nix.nix b/m/home/helix/langs/nix.nix
new file mode 100644
index 0000000..93a51a3
--- /dev/null
+++ b/m/home/helix/langs/nix.nix
@@ -0,0 +1,15 @@ +{ pkgs, ... }: +{ + lsp.nixd = { + command = "${pkgs.nixd}/bin/nixd"; + }; + entries = [{ + name = "Nix"; + scope = "source.nix"; + injection-regex = "nix"; + file-types = ["nix"]; + comment-tokens = "#"; + indent = { tab-width = 2; unit = " "; }; + language-servers = [ "nixd" ]; + }]; +} diff --git a/m/home/helix/nigger.toml b/m/home/helix/nigger.toml new file mode 100644 index 0000000..55fd562 --- /dev/null +++ b/m/home/helix/nigger.toml @@ -0,0 +1,2 @@ +[a] +b = 10 diff --git a/m/home/helix/themes/sonokai/default.nix b/m/home/helix/themes/sonokai/default.nix new file mode 100644 index 0000000..898563c --- /dev/null +++ b/m/home/helix/themes/sonokai/default.nix 
@@ -0,0 +1,179 @@ +palette: +{ + "attribute" = "purple"; + "comment" = "grey"; + "constant" = "purple"; + "constant.character.escape" = "orange"; + "constant.numeric" = "purple"; + "constructor" = "blue"; + "diagnostic" = { "underlined" = { "style" = "line"; }; }; + "diagnostic.error" = { + "underline" = { + "color" = "red"; + "style" = "curl"; + }; + }; + "diagnostic.hint" = { + "underline" = { + "color" = "blue"; + "style" = "dotted"; + }; + }; + "diagnostic.info" = { + "underline" = { + "color" = "green"; + "style" = "dotted"; + }; + }; + "diagnostic.warning" = { + "underline" = { + "color" = "yellow"; + "style" = "curl"; + }; + }; + "diff.delta" = "orange"; + "diff.minus" = "red"; + "diff.plus" = "green"; + "error" = "red"; + "function" = "green"; + "function.builtin" = "blue"; + "function.macro" = "purple"; + "hint" = "blue"; + "info" = "green"; + "keyword" = "red"; + "keyword.directive" = "purple"; + "label" = "orange"; + "markup.bold" = { "modifiers" = [ "bold" ]; }; + "markup.heading.1" = { + "fg" = "red"; + "modifiers" = [ "bold" ]; + }; + "markup.heading.2" = { + "fg" = "orange"; + "modifiers" = [ "bold" ]; + }; + "markup.heading.3" = { + "fg" = "yellow"; + "modifiers" = [ "bold" ]; + }; + "markup.heading.4" = { + "fg" = "green"; + "modifiers" = [ "bold" ]; + }; + "markup.heading.5" = { + "fg" = "blue"; + "modifiers" = [ "bold" ]; + }; + "markup.heading.6" = { + "fg" = "fg"; + "modifiers" = [ "bold" ]; + }; + "markup.heading.marker" = "grey"; + "markup.italic" = { "modifiers" = [ "italic" ]; }; + "markup.link.text" = "purple"; + "markup.link.url" = { + "fg" = "blue"; + "modifiers" = [ "underlined" ]; + }; + "markup.list" = "red"; + "markup.quote" = "grey"; + "markup.raw" = "green"; + "module" = "blue"; + "namespace" = "blue"; + "operator" = "orange"; + "punctuation" = "grey"; + "punctuation.bracket" = "fg"; + "punctuation.delimiter" = "grey"; + "special" = "orange"; + "string" = "yellow"; + "string.regexp" = "orange"; + "tag" = "yellow"; + "type" = 
"blue"; + "ui.background" = { "bg" = "bg0"; }; + "ui.background.separator" = "grey"; + "ui.bufferline" = { + "bg" = "bg1"; + "fg" = "grey"; + }; + "ui.bufferline.active" = { + "bg" = "bg4"; + "fg" = "fg"; + "modifiers" = [ "bold" ]; + }; + "ui.cursor" = { + "bg" = "fg"; + "fg" = "bg0"; + }; + "ui.cursor.insert" = { + "bg" = "grey"; + "fg" = "black"; + }; + "ui.cursor.match" = { + "bg" = "diff_yellow"; + "fg" = "orange"; + }; + "ui.cursor.select" = { + "bg" = "blue"; + "fg" = "bg0"; + }; + "ui.cursorline.primary" = { "bg" = "bg1"; }; + "ui.cursorline.secondary" = { "bg" = "bg1"; }; + "ui.help" = { + "bg" = "bg2"; + "fg" = "fg"; + }; + "ui.linenr" = "grey"; + "ui.linenr.selected" = "fg"; + "ui.menu" = { + "bg" = "bg3"; + "fg" = "fg"; + }; + "ui.menu.selected" = { + "bg" = "green"; + "fg" = "bg0"; + }; + "ui.popup" = { + "bg" = "bg2"; + "fg" = "grey"; + }; + "ui.selection" = { "bg" = "bg4"; }; + "ui.statusline" = { + "bg" = "bg3"; + "fg" = "fg"; + }; + "ui.statusline.inactive" = { + "bg" = "bg1"; + "fg" = "grey"; + }; + "ui.statusline.insert" = { + "bg" = "yellow"; + "fg" = "bg0"; + "modifiers" = [ "bold" ]; + }; + "ui.statusline.normal" = { + "bg" = "fg"; + "fg" = "bg0"; + "modifiers" = [ "bold" ]; + }; + "ui.statusline.select" = { + "bg" = "blue"; + "fg" = "bg0"; + "modifiers" = [ "bold" ]; + }; + "ui.text" = "fg"; + "ui.text.focus" = "green"; + "ui.virtual.indent-guide" = { "fg" = "bg4"; }; + "ui.virtual.ruler" = { "bg" = "bg2"; }; + "ui.virtual.whitespace" = { "fg" = "bg4"; }; + "ui.window" = { + "bg" = "bg0"; + "fg" = "grey"; + }; + "variable" = "fg"; + "variable.builtin" = "orange"; + "variable.other.member" = "fg"; + "variable.parameter" = "fg"; + "warning" = "yellow"; + + palette = import (./. + "/palettes/${palette}.nix"); +} diff --git a/m/home/helix/themes/sonokai/palettes/andromeda.nix b/m/home/helix/themes/sonokai/palettes/andromeda.nix new file mode 100644 index 0000000..bc0453e --- /dev/null +++ b/m/home/helix/themes/sonokai/palettes/andromeda.nix 
@@ -0,0 +1,25 @@
+{
+ black = "#181a1c";
+ bg0 = "#2b2d3a";
+ bg1 = "#333648";
+ bg2 = "#363a4e";
+ bg3 = "#393e53";
+ bg4 = "#3f445b";
+ bg_red = "#ff6188";
+ diff_red = "#55393d";
+ bg_green = "#a9dc76";
+ diff_green = "#394634";
+ bg_blue = "#77d5f0";
+ diff_blue = "#354157";
+ diff_yellow = "#4e432f";
+ fg = "#e1e3e4";
+ red = "#fb617e";
+ orange = "#f89860";
+ yellow = "#edc763";
+ green = "#9ed06c";
+ cyan = "#ef9062"; # added for compatibility with `edge` scheme
+ blue = "#6dcae8";
+ purple = "#bb97ee";
+ grey = "#7e8294";
+ grey_dim = "#5a5e7a";
+}
diff --git a/m/home/nero/default.nix b/m/home/nero/default.nix
new file mode 100644
index 0000000..2499430
--- /dev/null
+++ b/m/home/nero/default.nix
@@ -0,0 +1,81 @@
+{ config, inputs, pkgs, ... }:
+{
+ programs.direnv = {
+ enable = true;
+ enableBashIntegration = true;
+ nix-direnv.enable = true;
+ };
+ programs.bash = {
+ enable = true;
+ bashrcExtra = ''
+ eval "$(direnv hook bash)"
+ '';
+ };
+
+ programs.wezterm = {
+ package = inputs.wezterm.packages.${pkgs.system}.default;
+ enable = true;
+ enableBashIntegration = true;
+
+ extraConfig = ''
+ return {
+ enable_wayland = true
+ }
+ '';
+ };
+
+ home.username = "nero";
+ home.homeDirectory = "/home/nero";
+
+ home.stateVersion = "25.05";
+ home.file = {
+ ".terraformrc".text = ''
+ provider_installation {
+ network_mirror {
+ url = "https://terraform-mirror.yandexcloud.net/"
+ include = ["registry.terraform.io/*/*"]
+ }
+ direct {
+ exclude = ["registry.terraform.io/*/*"]
+ }
+ }
+ '';
+ ".cargo/config.toml" = {
+ text = ''
+ [net]
+ git-fetch-with-cli = true
+
+ [target.x86_64-unknown-linux-gnu]
+ linker = "${pkgs.clang}/bin/clang"
+ rustflags = ["-C", "link-arg=--ld-path=${pkgs.mold}/bin/mold"]
+ '';
+ };
+ };
+ dconf.settings = {
+ "org/gnome/desktop/interface" = {
+ color-scheme = "prefer-dark";
+ gtk-theme = "Adwaita-dark";
+ };
+ };
+
+ gtk = {
+ enable = true;
+ theme = {
+ name = "Adwaita-dark";
+ package = pkgs.gnome-themes-extra;
+ };
+ };
+ xdg.portal = {
+ enable = true;
+ extraPortals = with pkgs; [ xdg-desktop-portal-gtk ];
+ configPackages = with pkgs; [ xdg-desktop-portal-gtk ];
+ };
+ qt = {
+ enable = true;
+ platformTheme.name = "Adwaita-dark";
+ style = {
+ name = "Adwaita-dark";
+ package = pkgs.adwaita-qt;
+ };
+ };
+}
diff --git a/m/hypr.nix b/m/hypr.nix
new file mode 100644
index 0000000..e881594
--- /dev/null
+++ b/m/hypr.nix
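Review bot: The `.terraformrc` text under `home.file` in m/home/nero/default.nix sends every `registry.terraform.io/*/*` provider through `terraform-mirror.yandexcloud.net` and excludes the registry from `direct`, so the mirror operator is the only source of provider binaries for this user. Terraform checks mirror packages against the hashes in `.terraform.lock.hcl` when a lock file exists, but a first install without one trusts whatever the mirror serves. I would state that above the entry, for example `# providers come only from a third-party mirror: keep .terraform.lock.hcl committed in every project that uses this`. Separately, `bashrcExtra` evaluates `direnv hook bash` by hand although `programs.direnv` already sets `enableBashIntegration = true`, which presumably installs the same hook twice.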
@@ -0,0 +1,34 @@
+{ lib, config, inputs, pkgs, ... }:
+let
+ hypr = config.maid.hypr;
+in
+{
+ options.maid.hypr = {
+ enable = lib.mkEnableOption "hyprland";
+ };
+
+ config = lib.mkIf hypr.enable {
+ programs.hyprland = {
+ enable = true;
+ package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
+ portalPackage = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
+ };
+
+ environment.systemPackages = with pkgs; [
+ dunst
+ waybar
+ wofi
+ hyprshot
+ ];
+ environment.sessionVariables.NIXOS_OZONE_WL = "1";
+
+ fonts.packages = with pkgs; [
+ font-awesome_5
+ ];
+ qt = {
+ enable = true;
+ platformTheme = "gnome";
+ style = "adwaita-dark";
+ };
+ };
+}
diff --git a/m/kde.nix b/m/kde.nix
new file mode 100644
index 0000000..d58beab
--- /dev/null
+++ b/m/kde.nix
@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+let
+ kde = config.maid.kde;
+in
+{
+ options.maid.kde = {
+ enable = lib.mkEnableOption "KDE6";
+ };
+
+ config = lib.mkIf kde.enable {
+ services.desktopManager.plasma6.enable = true;
+ environment.plasma6.excludePackages = with pkgs.kdePackages; [
+ plasma-browser-integration
+ konsole
+ oxygen
+ ];
+ };
+}
diff --git a/m/masters/default.nix b/m/masters/default.nix
new file mode 100644
index 0000000..d725dd7
--- /dev/null
+++ b/m/masters/default.nix
@@ -0,0 +1,7 @@
+{
+ imports = [
+ ./nero.nix
+ ];
+
+ users.mutableUsers = false;
+}
diff --git a/m/masters/nero.nix b/m/masters/nero.nix
new file mode 100644
index 0000000..d0bdcde
--- /dev/null
+++ b/m/masters/nero.nix
@@ -0,0 +1,37 @@
+{ lib, pkgs, config, ... }:
+let
+ types = lib.types;
+ masters = config.maid.masters;
+ hm = config.maid.hm;
+
+ mkUser = name: {
+ enable = lib.mkEnableOption name;
+ override = lib.mkOption {
+ type = types.attrs;
+ default = {};
+ };
+ };
+in
+{
+ options.maid.masters = {
+ nero = mkUser "nero";
+ };
+
+ config = lib.mkIf masters.nero.enable {
+ sops.secrets."users/nero/passwordHash" = {
+ neededForUsers = true;
+ sopsFile = ../../secrets/users.yaml;
+ };
+
+ users.users.nero = {
+ isNormalUser = true;
+ uid = 1000;
+ hashedPasswordFile = config.sops.secrets."users/nero/passwordHash".path;
+ extraGroups = [ "networkmanager" "docker" "wheel" "adbuser" ];
+
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaWnT7mpLERhm3zIWglNy094a7F7d7cpEImLZYwwWoS nero@lil-maid"
+ ];
+ } // masters.nero.override;
+ };
+}
diff --git a/m/rust.nix b/m/rust.nix
new file mode 100644
index 0000000..b16f3d7
--- /dev/null
+++ b/m/rust.nix
@@ -0,0 +1,27 @@
+{ pkgs, config, inputs, lib, ... }:
+let
+ rust = config.maid.rust;
+in
+{
+ options.maid.rust = {
+ enable = lib.mkEnableOption "rust toolchain";
+ };
+
+ config = lib.mkIf rust.enable {
+ nixpkgs.overlays = [ inputs.fenix.overlays.default ];
+
+ environment.systemPackages = with pkgs; [
+ (fenix.complete.withComponents [
+ "rustc"
+ "cargo"
+ "rustfmt"
+ "rust-src"
+ "rust-analyzer"
+ "clippy"
+ "miri"
+ ])
+ sccache
+ cargo-edit
+ ];
+ };
+}
diff --git a/m/sddm.nix b/m/sddm.nix
new file mode 100644
index 0000000..673ebac
--- /dev/null
+++ b/m/sddm.nix
@@ -0,0 +1,17 @@
+{ config, lib, ... }:
+let
+ sddm = config.maid.sddm;
+in
+{
+ options.maid.sddm = {
+ enable = lib.mkEnableOption "sddm";
+ };
+
+ config.services.displayManager.sddm = lib.mkIf sddm.enable {
+ enable = true;
+ enableHidpi = true;
+ wayland = {
+ enable = true;
+ };
+ };
+}
diff --git a/m/signal.nix b/m/signal.nix
new file mode 100644
index 0000000..1797133
--- /dev/null
+++ b/m/signal.nix
@@ -0,0 +1,3 @@
+{
+
+}
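Review bot: In m/masters/nero.nix, `extraGroups` puts nero in both `wheel` and `docker`; access to the Docker socket is root-equivalent and asks for no password, so unless sudo is configured otherwise the sops-managed `hashedPasswordFile` no longer gates privilege escalation. Drop `"docker"` from the list if it is not needed, or record the trade-off in a comment such as `# docker group == passwordless root; rootless Docker would avoid this`. The trailing `// masters.nero.override` is a shallow update, so an override that sets `extraGroups` or `openssh` replaces the values above instead of extending them; if extension is the intent, `users.users.nero = lib.mkMerge [ { … } masters.nero.override ];` lets the module system merge them. `hm` and `pkgs` are bound but never used in this file.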
diff --git a/m/sops.nix b/m/sops.nix
new file mode 100644
index 0000000..b58b31d
--- /dev/null
+++ b/m/sops.nix
@@ -0,0 +1,28 @@
+{ lib, config, ... }:
+let
+ sops = config.maid.sops;
+in
+{
+ options.maid.sops = {
+ enable = lib.mkEnableOption "sops";
+
+ work.enable = lib.mkEnableOption "work secrets";
+ viendesu.enable = lib.mkEnableOption "VienDesu!";
+ };
+
+ config.sops = lib.mkIf sops.enable {
+ age.keyFile = "/var/lib/sops-nix/key.txt";
+
+ secrets = lib.mkMerge [
+ (lib.mkIf sops.viendesu.enable {
+ "viendesu/shadowsocks/gneg".sopsFile = ../secrets/viendesu.yaml;
+ "viendesu/shadowsocks/yor".sopsFile = ../secrets/viendesu.yaml;
+ })
+ (lib.mkIf sops.work.enable {
+ "work/ovpn".sopsFile = ../secrets/work.yaml;
+ "work/password".sopsFile = ../secrets/work.yaml;
+ "work/shadowsocks".sopsFile = ../secrets/work.yaml;
+ })
+ ];
+ };
+}
diff --git a/m/sys.nix b/m/sys.nix
new file mode 100644
index 0000000..c8e59d7
--- /dev/null
+++ b/m/sys.nix
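Review bot: `work.enable` and `viendesu.enable` in m/sops.nix only decide which secrets are declared; secrets/users.yaml, secrets/viendesu.yaml and secrets/work.yaml are all encrypted to the same single age recipient, so the key at `/var/lib/sops-nix/key.txt` decrypts work and personal material alike. If the split is meant as a boundary, each file needs its own recipient in .sops.yaml (not visible in this part of the patch); otherwise say so in a comment, e.g. `# one age key for all secret files: the enable flags are not a trust boundary`. Also, m/masters/nero.nix declares `users/nero/passwordHash` whether or not `maid.sops.enable` is set, while `age.keyFile` is only set under `lib.mkIf sops.enable`, so enabling the user without sops presumably leaves that secret with no key configured here. An assertion tying the two options together would catch that at evaluation time.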
@@ -0,0 +1,68 @@
+{ pkgs, lib, config, inputs, ... }:
+let
+ types = lib.types;
+ sys = config.maid.sys;
+in
+{
+ options.maid.sys = {
+ enable = lib.mkEnableOption "whole maid system";
+ tz = lib.mkOption {
+ type = types.str;
+ default = "Europe/Moscow";
+ };
+ hostname = lib.mkOption {
+ type = types.str;
+ };
+
+ bluetooth = {
+ enable = lib.mkEnableOption "bluetooth";
+ powerOnBoot = lib.mkOption {
+ type = types.bool;
+ default = true;
+ description = "whether to power on bluetooth on system startup";
+ };
+ };
+ };
+
+ config = lib.mkIf sys.enable {
+ time.timeZone = sys.tz;
+ networking.hostName = sys.hostname;
+
+ nix.settings = {
+ substituters = [
+ "https://hyprland.cachix.org"
+ "https://wezterm.cachix.org"
+ ];
+ trusted-public-keys = [
+ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+ "wezterm.cachix.org-1:kAbhjYUC9qvblTE+s7S+kl5XM1zVa4skO+E/1IDWdH0="
+ ];
+
+ experimental-features = [ "nix-command" "flakes" ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ jujutsu
+ ifuse
+ libimobiledevice
+ ];
+ services.usbmuxd.enable = true;
+
+ hardware.bluetooth = lib.mkIf sys.bluetooth.enable {
+ enable = true;
+ powerOnBoot = sys.bluetooth.powerOnBoot;
+ };
+ # nixpkgs.overlays = [
+ # (final: prev:
+ # let
+ # der = pkgs.callPackage ./ivpn {
+ # buildGoModule = pkgs.buildGo122Module;
+ # };
+ # in
+ # { ivpn = der.ivpn;
+ # ivpn-service = der.ivpn-service;
+ # }
+ # )
+ # ];
+ };
+}
diff --git a/m/unfree.nix b/m/unfree.nix
new file mode 100644
index 0000000..3f88750
--- /dev/null
+++ b/m/unfree.nix
@@ -0,0 +1,14 @@
+{ config, lib, ... }:
+let
+ unfree = config.maid.unfree;
+ types = lib.types;
+in
+{
+ options.maid.unfree = lib.mkOption {
+ type = types.listOf types.str;
+ description = "unfree software list";
+ default = [];
+ };
+
+ config.nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.maid.unfree;
+}
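Review bot: The two entries added to `trusted-public-keys` in m/sys.nix are not scoped to Hyprland or WezTerm: Nix accepts any store path signed by a trusted key, so either Cachix cache can supply the binary for whatever package it chooses to serve. That is a common trade-off for avoiding local builds, but it deserves a comment next to `substituters`, e.g. `# third-party caches: their signing keys are trusted for every store path, not only hyprland/wezterm`. `services.usbmuxd.enable = true` is set for every host that enables `maid.sys`; if only some machines need iOS device access, an option shaped like the `bluetooth` one would keep the daemon off elsewhere. The commented-out `nixpkgs.overlays` block for ivpn at the end of `config` is dead code and could be dropped or moved to its own module.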
diff --git a/m/vpn/default.nix b/m/vpn/default.nix
new file mode 100644
index 0000000..c22db59
--- /dev/null
+++ b/m/vpn/default.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./hft.nix
+ ];
+}
diff --git a/m/vpn/hft.nix b/m/vpn/hft.nix
new file mode 100644
index 0000000..7c84cfc
--- /dev/null
+++ b/m/vpn/hft.nix
@@ -0,0 +1,39 @@
+{ pkgs, lib, config, ... }:
+let
+ types = lib.types;
+ hft = config.maid.vpn.hft;
+in
+{
+ options.maid.vpn.hft = {
+ enable = lib.mkEnableOption "OpenVPN HFT";
+ autoStart = lib.mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to start VPN on system start";
+ };
+ };
+
+ config = lib.mkIf hft.enable {
+ services.openvpn.servers.hft = {
+ autoStart = hft.autoStart;
+ updateResolvConf = true;
+
+ config = ''
+ config ${config.sops.secrets."work/ovpn".path}
+ askpass ${config.sops.secrets."work/password".path}
+ '';
+ };
+
+ systemd.services.hft-shadowsocks = {
+ wantedBy = [ "openvpn-hft.service" ];
+ partOf = [ "openvpn-hft.service" ];
+ after = [ "network.target" ];
+
+ description = "Shadowsocks to bypass OpenVPN block";
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = ''${pkgs.shadowsocks-rust}/bin/sslocal --config ${config.sops.secrets."work/shadowsocks".path}'';
+ };
+ };
+ };
+}
diff --git a/secrets/users.yaml b/secrets/users.yaml
new file mode 100644
index 0000000..1beef97
--- /dev/null
+++ b/secrets/users.yaml
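Review bot: m/vpn/hft.nix reads `config.sops.secrets."work/ovpn"`, `"work/password"` and `"work/shadowsocks"`, which m/sops.nix declares only when `maid.sops.enable` and `maid.sops.work.enable` are both set, so enabling `maid.vpn.hft` alone fails with a missing-attribute error rather than a clear message. An assertion inside `config` would make the dependency explicit: `assertions = [{ assertion = config.maid.sops.enable && config.maid.sops.work.enable; message = "maid.vpn.hft needs maid.sops.work.enable"; }];`. `hft-shadowsocks` sets no `User`, so `sslocal` runs as root; `DynamicUser = true;` together with `LoadCredential = "ss.json:${config.sops.secrets."work/shadowsocks".path}";` and a config path under the credentials directory would keep the secret readable without root. The unit is also ordered only after `network.target`, so nothing guarantees the proxy is up before the OpenVPN client that presumably connects through it.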
@@ -0,0 +1,23 @@ +users: + nero: + passwordHash: ENC[AES256_GCM,data:VFfZsI+sPny7xN7LYjawjocvDj7pmnxsor1WqdxJcrtnM5MYm75WArDZTmfRP/f68S5tflkNJ/RH7s/f9Xr3nHUDb8pYyMrSQA==,iv:wTpo+QaV0tbUgk1/2AO9yKn8DQz2VuQpIMxYdgDYmcM=,tag:Dn+0EJSEksBzcj2V+9ENjA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1emnd8nmqzfzeavkzcsk3drn65xky22af6r5wxwvm2k067kkt4adsqxyv2u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTUJTY0tsWkFIeFlCN2Vv + TEJuWWpmQXZsL0VQOUxISFF3YzhqSjlZUkR3CmpiQlpOalY0cUlZQ2t2bjRXcTEx + cDREVzZQRlNvWGtJK251cUNPUlZleXcKLS0tIFc1Z0YxTlJHYVdaVVVXOGNQblNx + SGoweUZaK203Y1dXTG9SSWpUNXh0R1EKhRBaSxtt1LTvO9FTRICd9ubl1x+Gw+6R + q/uAYA5XeRozYGjshCe8Zs92LYXMCnoE1I5HQvV9ZsrtpFQOtXbOFA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-22T06:59:55Z" + mac: ENC[AES256_GCM,data:aqx36OmpS7LBHvj/jXk4dgvYUB1zl53Iy8EuwiAXxB71rQi1BSCOIENB9d6tJT39VIHpic94AiQk9MWmiMK+xgaMW40gkL4FxnnSLUXonpCZmQzmjcex6a9z0q/7fi3Udv03SuTxhO+myBvRJHgIgcbwpiC4Fy9GLAwbPTJFzb8=,iv:/l3b0l/B94glcoGN1VdBy8PuuBtanJj4FrmCKTpC7Vo=,tag:kRkiQ9W9fcdkhpQJplUxMQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/secrets/viendesu.yaml b/secrets/viendesu.yaml new file mode 100644 index 0000000..b5d1d41 --- /dev/null +++ b/secrets/viendesu.yaml 
@@ -0,0 +1,24 @@ +viendesu: + shadowsocks: + gneg: ENC[AES256_GCM,data:SL1x5cfZeOTjjUBsQpvV3LqMQC5X85DGCxK40XUCwthtNj/5/AMw+DyKMp8bYwX3uABOYOv4SCZwKW4qNI62BztOaMLPA/B4V4QuwdrMNDZYmsU4rsdoVMEhBFT9Qrkx4bNWXVz9MJwAqoxgoZ6OQ+8AsXbdaLJ1y0ohaSEg7/RbzzB0SC7ZtQeBZuPctHIHwcF5JnQIWpQk5IFJlTWldwEvhnnnrwlWOZqngIf9+uD23YwPaywSXovzPgxvtHgM,iv:29lJtDiyYC+XgLIkumGbugCvvTXp9gDiOwKRdagDEjU=,tag:fApsukDpsWa+lvOlcotndA==,type:str] + yor: ENC[AES256_GCM,data:jGodjp48W32LYCZZJ84VKQQ4ZQA4CQVOni1pH3Ua7jJWwnQmPf6l9vCXjiMzUR2MYE6oqKnh5ltZ2LuigHHayA3QFF/fM47iASt1/8+iGMJKU9igjeOJwzKHqI0VjrkicsYPqvd11ruqDifV8lwzV4A9+kg4hoIoqyNArmCOoZp/1U11VPjCKtmEAZeX2sZDul12M4BiV47lPqeEjA7njYs6jZcw4NKmI8NLL8JitNTl4CkKKVOPmTMPcOPyfeTvfndO,iv:nKWw8z8LZ8/Z7oFsy4zSrwChnDDOyMolQgNUVPJE9XM=,tag:gb2v41j+bZk4qWLijsPjEg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1emnd8nmqzfzeavkzcsk3drn65xky22af6r5wxwvm2k067kkt4adsqxyv2u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHRHNEbFRKR2xlc0piSjZt + RHpuQmtZUGc1K3ZLSkQxSnVMdXZIZ3VDTVFRCnViTkhmbkozczN6aTBsWno0V0lV + YjMyMXhncVptZEpEdVZ4Mnp3RlRLR00KLS0tIC9PaUlCSDM2cGppb3NGQkRtdlQw + N0V6Ri9xY2Fkc3JkSmVRdndZc3E5a2sKFiwkii+9vEMaObTSwwb2T7WaBH0VP0qp + DHMt9nnKfZNun9nW7PGtQwuomfJ6SHGoKwsC2rlt2UqLcETgbgPF/w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-06T17:48:01Z" + mac: ENC[AES256_GCM,data:ZwUQF6/CqEtCRj3uOA8W+UdWZtrZPOhL4E+q293qCfg6GNaDcUEZ6prnCyTagexVmdYeGF6ZYVPwf9OeG6B4DeKgvUwtV7SvzRqnp1C/qtMYP5fhNO47y4bgGTsHhlLdy43TKxav4O8zJfkbCftFBn6VVNI9Lu+73ewFLuiOUrM=,iv:WInvcSPh98dR4sl9/LbUXkf6altRDHOlqiOPLAWkp+c=,tag:zKCd32I9w6BSukYREx6NXQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/secrets/work.yaml b/secrets/work.yaml new file mode 100644 index 0000000..294e857 --- /dev/null +++ b/secrets/work.yaml 
@@ -0,0 +1,24 @@ +work: + shadowsocks: ENC[AES256_GCM,data:q4CGvIi+kRLDth/YY1FYS3OR64jDoeTvLNxGryPGsLUBK8enOIH8fbXL2J122vzNOZ7KChRQEn+6J2Bxq5KJwpzwzfk2wRNtxpzNsegVcDM9AOjcn/4ygZLkHD0NInW/IX0WElObempVEjLSoe+jJQNzL70ZxNEgW4BqEbGfo0TULY+5YqWse+1jVz85VFMT6QqdiweIY3B1wq98JQUoOme/i2QPHcnMv0uJWyrS02OcSyjlHRBe5m7M4nq0uLQEWIlJ,iv:D6zv6PNIzzXZo8orA/FRseHHMDUEbk2QE0YfO3HYT9k=,tag:TuDWP+E1aKQekYgIUb6m4Q==,type:str] + password: ENC[AES256_GCM,data:5qxuI746kcvfAGf5Xn7P,iv:cRptb0CCu/oJO54G4R/3xHTUig25VnCmpDXZeLHbBXg=,tag:gEid1MGUazHefOd2BoJhXA==,type:str] + ovpn: ENC[AES256_GCM,data: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,iv:FEBT6q49/pXSon8NFmPMww6t0oQiDhql4dUq/Hof4rk=,tag:LI/uE+iyFgWK1SPUf3ZiLg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1emnd8nmqzfzeavkzcsk3drn65xky22af6r5wxwvm2k067kkt4adsqxyv2u + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6QjhmVHpaTU1JNkFuKzhY + TVZOTVVuQ2pTYURzNXBoTGVSbVFPL2RJRlZJCmptOEw1ckhCWTFpNVc2aGhhY0Fl + aEFMSVpvbGRCckZlcEo0WEtTTHIxOTQKLS0tIG1PZUxSejJ0WGVmV0xIQVJnanpU + QzcyK0h6YldzTkYrZFJXb3YzOG9qK0EKpbeTaXm6pAgAmaUKdu9s/+VBVxzWZwmj + aditPFcdqIhgkSoRoJhBLE7S4QZ6clCmKP4gCWVHg0KgpyKaZgxOFw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-06T17:51:32Z" + mac: ENC[AES256_GCM,data:QnGDLbYOckEv4E1zhlk+/SGXcsVWwvQSlUT9KmebbmhMK26n9oC8geFFDwUbmCdLH0sc3pwKtKByBVi6zbFL80h3oHKUdO0WOp327y+sLgIIgZCL8IPeK9MhBOnNof3Sxm1HGEpa7u+Re79V3Ge4DRfGosZ9+kEMD7VDI+TlMtg=,iv:puq/41f14R0/yyEehahJ4n0qzQypW8S4OvKgLXpkPLA=,tag:2TbabTs2tth62nJuafYPLQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0