Initial commit

.sops.yaml

@@ -0,0 +1,7 @@
+keys:
+  - &lil-maid age1emnd8nmqzfzeavkzcsk3drn65xky22af6r5wxwvm2k067kkt4adsqxyv2u
+creation_rules:
+  - path_regex: secrets/secrets.yaml$
+    key_groups:
+      - age:
+          - *lil-maid

README.md

@@ -0,0 +1,4 @@
+# NixOS
+
+My nixos configuration. Heavily refactored.
+

flake.nix

@@ -0,0 +1,32 @@
+{
+  description = "nixos";
+
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+    sops-nix = {
+      url = "github:Mic92/sops-nix";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+      };
+    };
+
+    home-manager = {
+      url = "github:nix-community/home-manager";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  outputs = inputs:
+    let
+      options = {
+        inherit inputs;
+        modules = ./modules;
+      };
+    in
+    {
+      nixosConfigurations = {
+        lil-maid = import machines/lil-maid options;
+        maid = import machines/maid options;
+      };
+    };
+}

keys/lil-maid_nero.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaWnT7mpLERhm3zIWglNy094a7F7d7cpEImLZYwwWoS nero@lil-maid

machines/lil-maid/configuration.nix

@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+{
+  time.timeZone = "Europe/Moscow";
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.kernelPackages = pkgs.linuxKernel.packages.linux_zen;
+
+  system.stateVersion = "24.05";
+}

machines/lil-maid/default.nix

@@ -0,0 +1,13 @@
+{ inputs
+, modules
+, ... }:
+inputs.nixpkgs.lib.nixosSystem {
+  system = "x86_64-linux";
+  modules = [
+    inputs.home-manager.nixosModules.home-manager
+
+    ./configuration.nix
+    ./hardware
+    ./modules
+  ];
+}

machines/lil-maid/hardware/bluetooth.nix

@@ -0,0 +1,3 @@
+{
+  # TODO
+}

machines/lil-maid/hardware/configuration.nix

@@ -0,0 +1,33 @@
+
+{ config, lib, modulesPath, ... }:
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ "amdgpu" ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/nixos";
+      fsType = "btrfs";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-label/boot";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-label/swap"; }
+    ];
+  networking.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.enableAllFirmware = true;
+  hardware.enableRedistributableFirmware = true;
+}

machines/lil-maid/hardware/default.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./configuration.nix
+    ./bluetooth.nix
+  ];
+}

machines/lil-maid/modules/default.nix

@@ -0,0 +1,7 @@
+{
+  imports = [
+    ./network
+    ./graphics.nix
+    ./sops.nix
+  ];
+}

machines/lil-maid/modules/graphics.nix

@@ -0,0 +1,11 @@
+{ commonMods, ... }:
+{
+  imports = [
+    (commonMods + "/kde")
+  ];
+
+  services.displayManager.sddm = {
+    enable = true;
+    wayland.enable = true;
+  };
+}

machines/lil-maid/modules/network/default.nix

@@ -0,0 +1,14 @@
+{
+  imports = [
+    ./firewall.nix
+    ./ssh.nix
+  ];
+
+  networking.networkmanager.enable = true;
+
+  networking.search = [
+    "8.8.8.8"
+    "8.8.4.4"
+  ];
+  networking.hostName = "lil-maid";
+}

machines/lil-maid/modules/network/firewall.nix

@@ -0,0 +1,5 @@
+{
+  networking.firewall = {
+    enable = true;
+  };
+}

machines/lil-maid/modules/network/ssh.nix

@@ -0,0 +1,9 @@
+{
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      Compression = "yes";
+    };
+  };
+}

machines/lil-maid/modules/sops.nix

@@ -0,0 +1,16 @@
+{ commonMods, ... }:
+{
+  modules = [
+    # From this machine I work.
+    (commonMods + "/sops/work.nix")
+
+    # From this machine I develop VienDesu!
+    (commonMods + "/sops/viendesu.nix")
+  ];
+
+  sops = {
+    secrets."users/nero/password" = {
+      neededForUsers = true;
+    };
+  };
+}

modules/default.nix

@@ -0,0 +1,3 @@
+{
+  modules = [];
+}

modules/kde/default.nix

@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+{
+  services.desktopManager.plasma6.enable = true;
+
+  services.xserver.xkb.layout = "us";
+
+  environment.sessionVariables.NIXOS_OZONE_WL = "1";
+  environment.plasma6.excludePackages = with pkgs.kdePackages; [
+    plasma-browser-integration
+    konsole
+    oxygen
+  ];
+}

modules/sops/all.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./work.nix
+    ./viendesu.nix
+  ];
+}

modules/sops/viendesu.nix

@@ -0,0 +1,6 @@
+{
+  sops = {
+    secrets."shadowsocks/gneg" = {};
+    secrets."shadowsocks/yor" = {};
+  };
+}

modules/sops/work.nix

@@ -0,0 +1,7 @@
+{
+  sops = {
+    secrets."work/vpn/ovpn" = {};
+    secrets."work/vpn/shadowsocks" = {};
+    secrets."work/vpn/password" = {};
+  };
+}

modules/users/nero.nix

@@ -0,0 +1,6 @@
+{
+  users.users.nero = {
+    isNormalUser = true;
+    uid = 1337;
+  };
+}

secrets/secrets.yaml

@@ -0,0 +1,31 @@
+users:
+    nero:
+        password: ENC[AES256_GCM,data:jeCnQxWnVC7d7XCKysbeGR2NzMPNYYva+GCdVV0vr9CAeoACVAWFn2+YfOJyKIndd9bAWayKm+cH4H8oCyX01YB0RPZVQ5KPn7vfmx/ZRy0iyiH5Jf+nQzWsO1LTp8b1G+VqW1rkaHIBUw==,iv:eHSiATFjJaHMr1h1dwGNXZGbsMa9Jd7ZPCYH7Hgx9xE=,tag:vumuZVlyZkvgn04L4OjFjw==,type:str]
+shadowsocks:
+    gneg: ENC[AES256_GCM,data:rkePyYk4YkkEBsw4KlgTroXrXM/8LLL/tydlOvQhuAp4yts4MXB4COwuKIU0zXnBAoNrfjD7AEOTcL4qqm7XpxIIC8OpAj8bXsTrXaaiFR7zi4WQoZCrKc6z9tQ/ayA9Ur/BdEFEDWMpatfnjwLSJmM6MVmBjXXIUieHyYeIEMS4835OB4oBhYtk3famp1qTY3imIGRVVx8ht8GOtLog5vqEGQqjCNRsmKyGrdF3T7vkWr4jD0HfnxloNgHSgF0W,iv:h5upsrpsKyP77ChnY/Tp2CSQ9VLJ3JwpebfTSaRfvfQ=,tag:nmnxZX0c4Nd4tSFp5PugSg==,type:str]
+    yor: ENC[AES256_GCM,data:vKJm5K6bH8XSr6LZNMBL+xm+7KQksxXjbYcu8rtX/8KUWT93mgvQPIJ3jt77aVokQGh2WLTwWjFSznUlKHrIazQbycWRUXyGNW9JhH2y9V5Z6eKd4uMUg4fSVIRRL1s3fYWHJ4uCTDtiuc5igCLkXbAQnsHPIIZCoLF+gP3vEFCodovg2SvgDx06dZ5mbngzvb3rKn6I65nmVzFd5mxmU11ESrtxTDIS9+2nLkfK1Z7gwpKRNL22xtsyQabQyYXZbDSD,iv:UVUtyuDa5xOdbW+F1PBn9+mbxk6fiin2P3isHlccDk8=,tag:B+ptYDjR3Ua7LnIhdUMItA==,type:str]
+work:
+    vpn:
+        ovpn: ENC[AES256_GCM,data:jXoGx9gMsW2t54R/sgGBCRUOlAsxbXyO6hBqzgM8T6cvRjbkacraSggVlUavbfz8OeFYIeiGpvnD4Tw4hyP0xapq2criYzznLO3dR4yGfDs18wI0MhOk5RXdJM5s9emLIlN/cZvJWrwF7Ao04PS9VfYVLWaVSrhaX+W/CUVfHfYFS4zhQR52oRuKIko0ULIwgamN+Z49+qn4uN2bLksgiUSH8Fz7p2DUVMCaJBlNkj+2PectML0LNMy2JXB7nZJ5pl7Qsq1S0YO+pGhPrusaKzQrcEd4rj9/lYFBxFekWyvvRl8uQAena8NSW9TkXhJFoKejn6BQB20IOtE4TD1GWgcQtPsz1sKA8/4beVARBPnoR0k6XWnXeA/0wbvqXEQOW4uhhCljCnuZn4Xlfsb+vfvUm4LPxUu8CJhnqMgYij8JbUx1UNhucbrZ3CLXQfhcDYtdJT017cBUphFkq472UP8K3eGyiBi+5+A2ztVBE4Ii6o5WSG7SodRPkoj8v79vKGIGFbapmYVMOjl3+O16L7YA3kZEW85BilNw1VpvdzrV22Iym832eS8bFCs1pFHl9gZmddof2fYTIrKPdJ1GbVruJ7zQedT5UtIV3BnFEC9oPn0MvZ1/5+U7R8bYg/dKeMCrh5ymWdhQVOGtIHOn6hyt/WmlyBn8ekN3aryEtvoO55wv9UeDJfdpxUkG0BOXVsTofwuYR8025dgdmqJQ6eFAoTGNJCQnr3osNYdjZRMU5d57/FWYzQpSAI8zpiN2f+5zRE6fsvvqtfPQSOTudnxAsVexzTB0Tb4IO/9qzV1H3vTTFWI8JUQoXEaMKYJYc3B8n3NKeAfYhA3Byvt9ISdxS+TfRgCy0mT2LuK8RTAfupkJyMs/1e62DAuFBzBg3u6ynl7jkn4irtK59NlpP5Y9pDGGZ6NRMwF0MlVdhQk00k3Yb9cUTIGwSuse+vaeEH6JpSBueAZEz0g6VcbTAJuWr7YZlxGCJN5XoWpYAKDA010m49CR5XMdDtB+o4lD2awHmlA/b42p1TMt6VshB+cgd2QV5+dNTsSClZFFxULkxZFKk0QEU71rh4YIbgW+6FWcB/r3l4cnqoWgg91Xaa2L/GtvbMgmba8LCw9StEAMuSGXNzn1AsrfVdvyJrn3Gzc/Pz76+uRcZyKtDUr32EAl0dUVhUcfqwj/nM7nGGnrxeSl8K/nH5rnkU/8daMq6wGfmEubyaYWC+h3Mp+tUb4xaj7Ix8RUlGVPWJTpCcg64vJpRess7svmAElK3vMacJoA79A+JTL6f989dVDpVfzVru8216D0EHSPxuaTsFor0n6PK8gHiqmWfD48nyOWkfo3QKsAigiLs0oR3QNLOJfc8nKEw6nuVMXL3o4476L6KvaGkRSLZkZpPD2q71InW1VwrZpsqTFFVFCOEVP4IxMWwr+etgC28Tw0L8XBLBMEjcmT/ZN3joXh98DHUxNLIbeVkl1PbkUn940LE1FTy3xR/QataUl9ptXoTSmcZGEQeMgq12WK/WKKGbZTX8TLdiENud5rjo3gcSm8U3hXKNcFE+ySfsNehTAlF5aOOMRTsCQwXpyF3cM/UDZJn5Rf30ZD8b5r/mMBHzyq2GtO4tuH6rBI6qXeZQ1zvq2R9KLVi4lbdk3LSfFYnkaboQDfWaTj/BCQNxRdfa2fJp6Q/iedOQnN8mps3wCERcT9O7jkg9Ig+jt0yKQIldCrF/2wgE7UG32yq17EjHgDu9Fo0U0eezuKH3YL//bBPhBBswp4hjSP3N7X+gdVOq5IvwaCGQqJlYY32v04rr55HjoucecsVxxJ6J2vA44PpvN0mb+mJJg9pVih13ZK0f2rPQd6vEasKeBuQTwso0P6PAIeg3ILB0+MiwTB9l0twHRyzZ2nBiF+atxKlD2tof40BhmmCqhMqKO4B+fSZ4q4DkEyki5tUwMpWosqIYqojzfM0S6rs58dJJHRQ8m7hiJRDpkzjPwUP746zIzz9ch5VXyIfw9uUI7QYe4RHQEC/VyzCdaJtgDD2fJaxDIEf/qw87O42Zi0uINOY2gY7BpdGom5iXgLjy99l6UbbBpGWol2tbbM3iQKI3Z6588KeCmWjE1X53cJhHQZuNG6b2m1JJ0f/OFHlXJx1z52GX5T1xBfbrcDbYuIyebBcDVyOJzFnnSfm4XyBuPs6Nb8XBBTdAoi/fSXU/tQwm4fTHjEqXGeCEmlfU73F42aSzDPZ7yunfB1Z7m0Rkc6PrJvy8F7dzgd9ThQFy4AOEocNMfWt0yCKUYIL8ebDXxswS1+DMkPQhFqRKkjFWhjaXpvVXS26i8U4XEG4V4ZrCknQh0Lba6RUP9DOe+f2nqP/QmHbB+jI145Ak9Pz+iGBRHxYZRToQg7GKeD6a6yXRaJWdoCx4wj9AxZ6ZDHEV2hz7bWz+d8rk/4cZ0aH0ZluZqZMOAdW4txK390qNoNoivZY2NaUb5WoxS1CMXIIgrQUEL8jcGWfdxs88kOLZx6x6FNc6m2+NnL0ctS6giMA00JMi7T4jGzEIYa9zpTO/LEK/Bmb0on/KJ0+h7ECtvi5xC7M069/OGWXXYeVTVqkTI4o16fetJCwxGQxs9mUC/zHrGWC1Sl2TsaV9bgyuez+dlttoxmk3Yh59kNY5Eh0MXKyZyDZPKIZXL6IXxJznoQ06vocEjCtfrpS3LY+jQDJvm0heF2tz+62AMeiBO0VGotRP6LyK7z8uL+i42WNxVXcLTFXlIFfxI2jjIJ3O54qXP63HA7m1Jo7qUEoowFIGD+Sd3i/f1dZwWgMlV0GYexaMrOY2dd8fuFfEcr31WwVJMagxrmmT3Tiv21AKwwVM/88e4hkCUBlugbzs1Rd6zFm2EOBeZsXYjvO39Ah5Y2FPqNc8Ui3PKtpkW0IdUkX1oHWiSaABN4KYFqXKsaj7x0MqwAiTqUx9lJEM4C9WXFqSkA1Pme0qX0XkhVIjWXva+UI36Oy6FsA1EDE8Su6KKOAmrGLO7UE4vs2npsW7MCmXL9fIhTG+D+WhXdylETIEF2Yo8UujyJNMhTQN1eyWvadTypiYPlbUAG8h8hj5JVMjQM5rm+LjvZaabn7VYp+aiZyjaiNCYXHpxiOrEPQ5R4Zk/d6bT28d4S+WPWImI3z5svUngMvdyeHfbZOcWB2gla1/+30C+BIntmfHVu9hzRyUfQSRvBhbaxOgQ/vAe5ujg91GS+KfJ4bGwBSpKLBv6bbFdKZuDakKONOrcxguWf3qDHKukMvfX0p5nLRPzm3ii5g6IGHjSREA8Fi643i7ZrWe6ggQvUM3Mgj5lcnSHlIReYImXkIcdVBE9lsLSdGSYhO5q3HAmYCrcut7vZKsAxJqJ34db5a4ygs8Z1rkz0jRuZ6xt8LI8CqtyZvITolS5wWAobUN5gWlwtGQ9YGNK6VLxzuUiJwnJanzs0bYlyKu4vwEHDuE9S5+MmlcD5NCF9jOvX2XnzHfcE5f4Cn40jI2sVHFxDlcESEiVUOYhikfdJT+A3TKNxyy9NZthoEgQr2zi+zcml6Z9oDrUw3To7DVuK/WLIOUJGkUedBm08CDaS++s+a0Xvpfcoo154+/r9ysW/qJneAXY1iRX3wJUCe9h2WbXj5LaxMT5mmJsv86+pcLBaR+QZwS/uxxeyK+oqbmAdvVMWerMIqutRT4hCzZn8exbnMLlMMihPwEGX+5UpzbWEEi8dciKEU5H9nW9+P7svY0Es6JgPypaSmQZGxF98ihLG6IYD93yArzoIFAiwKh4UP7qQNEikHosKYV4KJLcZXei2wRvT3js29Axq4uz5I3pFLp3RJiq87w5nXieCdSyQzRcBKfLN/ElLsvuUHRtr+F2UgCMtOe8qVHqOYZ3+g28wgd9bYVGXj3ACi7mxuNWk1MsqFXzFtCiQP1IL47TweQpqFiTYWG0VmZZVxyLK4BNDDIXCEmvUxDgH2ELJckL5fZ+C3TyuWILSyy9JHdDzUFCV/r3YyHhLRwfvmWEsR3Geg7J4lwOx3qNmfgZ3+Ozb5C46bXaTm9KouYFooWu5QyftyPveXQq6ECFKHLg8SjU7H7GdDuxQpm1D+uhm6rA2emVQBHGe5Jf/nHc5wiRczGYacjW7TvtFpfAiZM7mKJ8XcCbMFJqz4qODY7KuhtfXaoXTKDGClQbuVENqNIlEU7rPR1IV,iv:fRp/qh5gAgCGEUI5gWJzt7wWyroOwkDBeM5vNd9oeMs=,tag:qq7CNEsxZcaw+VMad3VdlQ==,type:str]
+        shadowsocks: ENC[AES256_GCM,data:E5mqQ+E7wTS2x+F105NNpV7PR1Y29nENJBDeK28dKlRSdlXbLJKHGRUZXNfxnqa5GbhPpWY20cwyn65gt9C+JW3aJGVRK/I45VLpq1dGgkvh4tghTq7by1jwWf/Atgdwf3m3jWsgQqVgQg2w83aKt+JsIaBYQ96quJ4zGLHnJyffSgyH6pAAKLQbm7gW+7nJmMFnCESKc1RiGnnRWxNM03YLHzlMJy+4sSMdVIADOrfmLVJLlBnKLM0EP/oLd9uJMqptqfTU/oQm9nYKP++kkMuUy+hzFxVu2M3N4Nj0HWMATR9HhYiwCq6ApcuFvd11HmZ5tw==,iv:tUaiWqwFXtieaRvn7QW6nN4P1VrEHFuC+DiPiHy12ms=,tag:7lMjF3yLkgH0Rb8ZBWC3+g==,type:str]
+        password: ENC[AES256_GCM,data:bZ3Lx72o4obDEV6oc+By,iv:n3ul/CA/+400v1yQRMCVJSk4FhvtmsXEW1UGqnDhzoA=,tag:z1cLYr3cLVX3EumVJmNyVw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1emnd8nmqzfzeavkzcsk3drn65xky22af6r5wxwvm2k067kkt4adsqxyv2u
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGaW92Q0NWcjRGcFpIOUs2
+            eUJrTEt6N1NyZS9zSUV4eEZmUkJTak93SVd3CkxpN0hGa0ZhKzBVZEZHdk5Cb0lh
+            M2lNc3BPM25wdXBTRHVKN0FoTXQ2eUEKLS0tIDNVeGs2OXdVTUVaUmE5OG10eUdO
+            Q2o4THkzODJJTzljM0wreS9BeUhvR28KPTe0SBbhzh5wgwGLChmojOhK/VD0twYY
+            g87MNWzHgRkWuQb92xRgIHcSPFuqVZ5YIQqjt9w4CXRKjlXovTDnhQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-08-05T17:29:58Z"
+    mac: ENC[AES256_GCM,data:tTQOrH53G6EVcKsgUPYQd2a8ViorpWNTx4bo+iWstN3O4cJPd0U9P9CK0GmyPKYcZxNxRAVellIHUMkjdVR7qJNHHYoPh2XhyOLuMsOcgl45f14RYzWHUPmtNm+UTjtiVvei3Hy0w+DZnz/XAsVBh7SZDsm6Bw4Ygpk18hfktcs=,iv:ntroBAGPxuqZn7RG+cltiDr4UCXbVHTZeV9UDXG8aa8=,tag:adh/xO1pW4yVVo+tIL+oMQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.0