Initial commit

This commit is contained in:
Aleksandr 2024-08-05 20:53:43 +03:00
commit 38f32e9513
23 changed files with 243 additions and 0 deletions

7
.sops.yaml Normal file
View file

@ -0,0 +1,7 @@
keys:
- &lil-maid age1emnd8nmqzfzeavkzcsk3drn65xky22af6r5wxwvm2k067kkt4adsqxyv2u
creation_rules:
- path_regex: secrets/secrets.yaml$
key_groups:
- age:
- *lil-maid

4
README.md Normal file
View file

@ -0,0 +1,4 @@
# NixOS
My nixos configuration. Heavily refactored.

32
flake.nix Normal file
View file

@ -0,0 +1,32 @@
{
description = "nixos";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
sops-nix = {
url = "github:Mic92/sops-nix";
inputs = {
nixpkgs.follows = "nixpkgs";
};
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs:
let
options = {
inherit inputs;
modules = ./modules;
};
in
{
nixosConfigurations = {
lil-maid = import machines/lil-maid options;
maid = import machines/maid options;
};
};
}

1
keys/lil-maid_nero.pub Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaWnT7mpLERhm3zIWglNy094a7F7d7cpEImLZYwwWoS nero@lil-maid

View file

@ -0,0 +1,10 @@
{ pkgs, ... }:
{
time.timeZone = "Europe/Moscow";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxKernel.packages.linux_zen;
system.stateVersion = "24.05";
}

View file

@ -0,0 +1,13 @@
{ inputs
, modules
, ... }:
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
inputs.home-manager.nixosModules.home-manager
./configuration.nix
./hardware
./modules
];
}

View file

@ -0,0 +1,3 @@
{
# TODO
}

View file

@ -0,0 +1,33 @@
{ config, lib, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/boot";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-label/swap"; }
];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.enableAllFirmware = true;
hardware.enableRedistributableFirmware = true;
}

View file

@ -0,0 +1,6 @@
{
imports = [
./configuration.nix
./bluetooth.nix
];
}

View file

@ -0,0 +1,7 @@
{
imports = [
./network
./graphics.nix
./sops.nix
];
}

View file

@ -0,0 +1,11 @@
{ commonMods, ... }:
{
imports = [
(commonMods + "/kde")
];
services.displayManager.sddm = {
enable = true;
wayland.enable = true;
};
}

View file

@ -0,0 +1,14 @@
{
imports = [
./firewall.nix
./ssh.nix
];
networking.networkmanager.enable = true;
networking.search = [
"8.8.8.8"
"8.8.4.4"
];
networking.hostName = "lil-maid";
}

View file

@ -0,0 +1,5 @@
{
networking.firewall = {
enable = true;
};
}

View file

@ -0,0 +1,9 @@
{
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
Compression = "yes";
};
};
}

View file

@ -0,0 +1,16 @@
{ commonMods, ... }:
{
modules = [
# From this machine I work.
(commonMods + "/sops/work.nix")
# From this machine I develop VienDesu!
(commonMods + "/sops/viendesu.nix")
];
sops = {
secrets."users/nero/password" = {
neededForUsers = true;
};
};
}

View file

3
modules/default.nix Normal file
View file

@ -0,0 +1,3 @@
{
modules = [];
}

13
modules/kde/default.nix Normal file
View file

@ -0,0 +1,13 @@
{ pkgs, ... }:
{
services.desktopManager.plasma6.enable = true;
services.xserver.xkb.layout = "us";
environment.sessionVariables.NIXOS_OZONE_WL = "1";
environment.plasma6.excludePackages = with pkgs.kdePackages; [
plasma-browser-integration
konsole
oxygen
];
}

6
modules/sops/all.nix Normal file
View file

@ -0,0 +1,6 @@
{
imports = [
./work.nix
./viendesu.nix
];
}

View file

@ -0,0 +1,6 @@
{
sops = {
secrets."shadowsocks/gneg" = {};
secrets."shadowsocks/yor" = {};
};
}

7
modules/sops/work.nix Normal file
View file

@ -0,0 +1,7 @@
{
sops = {
secrets."work/vpn/ovpn" = {};
secrets."work/vpn/shadowsocks" = {};
secrets."work/vpn/password" = {};
};
}

6
modules/users/nero.nix Normal file
View file

@ -0,0 +1,6 @@
{
users.users.nero = {
isNormalUser = true;
uid = 1337;
};
}

31
secrets/secrets.yaml Normal file
View file

@ -0,0 +1,31 @@
users:
nero:
password: ENC[AES256_GCM,data:jeCnQxWnVC7d7XCKysbeGR2NzMPNYYva+GCdVV0vr9CAeoACVAWFn2+YfOJyKIndd9bAWayKm+cH4H8oCyX01YB0RPZVQ5KPn7vfmx/ZRy0iyiH5Jf+nQzWsO1LTp8b1G+VqW1rkaHIBUw==,iv:eHSiATFjJaHMr1h1dwGNXZGbsMa9Jd7ZPCYH7Hgx9xE=,tag:vumuZVlyZkvgn04L4OjFjw==,type:str]
shadowsocks:
gneg: ENC[AES256_GCM,data:rkePyYk4YkkEBsw4KlgTroXrXM/8LLL/tydlOvQhuAp4yts4MXB4COwuKIU0zXnBAoNrfjD7AEOTcL4qqm7XpxIIC8OpAj8bXsTrXaaiFR7zi4WQoZCrKc6z9tQ/ayA9Ur/BdEFEDWMpatfnjwLSJmM6MVmBjXXIUieHyYeIEMS4835OB4oBhYtk3famp1qTY3imIGRVVx8ht8GOtLog5vqEGQqjCNRsmKyGrdF3T7vkWr4jD0HfnxloNgHSgF0W,iv:h5upsrpsKyP77ChnY/Tp2CSQ9VLJ3JwpebfTSaRfvfQ=,tag:nmnxZX0c4Nd4tSFp5PugSg==,type:str]
yor: ENC[AES256_GCM,data:vKJm5K6bH8XSr6LZNMBL+xm+7KQksxXjbYcu8rtX/8KUWT93mgvQPIJ3jt77aVokQGh2WLTwWjFSznUlKHrIazQbycWRUXyGNW9JhH2y9V5Z6eKd4uMUg4fSVIRRL1s3fYWHJ4uCTDtiuc5igCLkXbAQnsHPIIZCoLF+gP3vEFCodovg2SvgDx06dZ5mbngzvb3rKn6I65nmVzFd5mxmU11ESrtxTDIS9+2nLkfK1Z7gwpKRNL22xtsyQabQyYXZbDSD,iv:UVUtyuDa5xOdbW+F1PBn9+mbxk6fiin2P3isHlccDk8=,tag:B+ptYDjR3Ua7LnIhdUMItA==,type:str]
work:
vpn:
ovpn: ENC[AES256_GCM,data:jXoGx9gMsW2t54R/sgGBCRUOlAsxbXyO6hBqzgM8T6cvRjbkacraSggVlUavbfz8OeFYIeiGpvnD4Tw4hyP0xapq2criYzznLO3dR4yGfDs18wI0MhOk5RXdJM5s9emLIlN/cZvJWrwF7Ao04PS9VfYVLWaVSrhaX+W/CUVfHfYFS4zhQR52oRuKIko0ULIwgamN+Z49+qn4uN2bLksgiUSH8Fz7p2DUVMCaJBlNkj+2PectML0LNMy2JXB7nZJ5pl7Qsq1S0YO+pGhPrusaKzQrcEd4rj9/lYFBxFekWyvvRl8uQAena8NSW9TkXhJFoKejn6BQB20IOtE4TD1GWgcQtPsz1sKA8/4beVARBPnoR0k6XWnXeA/0wbvqXEQOW4uhhCljCnuZn4Xlfsb+vfvUm4LPxUu8CJhnqMgYij8JbUx1UNhucbrZ3CLXQfhcDYtdJT017cBUphFkq472UP8K3eGyiBi+5+A2ztVBE4Ii6o5WSG7SodRPkoj8v79vKGIGFbapmYVMOjl3+O16L7YA3kZEW85BilNw1VpvdzrV22Iym832eS8bFCs1pFHl9gZmddof2fYTIrKPdJ1GbVruJ7zQedT5UtIV3BnFEC9oPn0MvZ1/5+U7R8bYg/dKeMCrh5ymWdhQVOGtIHOn6hyt/WmlyBn8ekN3aryEtvoO55wv9UeDJfdpxUkG0BOXVsTofwuYR8025dgdmqJQ6eFAoTGNJCQnr3osNYdjZRMU5d57/FWYzQpSAI8zpiN2f+5zRE6fsvvqtfPQSOTudnxAsVexzTB0Tb4IO/9qzV1H3vTTFWI8JUQoXEaMKYJYc3B8n3NKeAfYhA3Byvt9ISdxS+TfRgCy0mT2LuK8RTAfupkJyMs/1e62DAuFBzBg3u6ynl7jkn4irtK59NlpP5Y9pDGGZ6NRMwF0MlVdhQk00k3Yb9cUTIGwSuse+vaeEH6JpSBueAZEz0g6VcbTAJuWr7YZlxGCJN5XoWpYAKDA010m49CR5XMdDtB+o4lD2awHmlA/b42p1TMt6VshB+cgd2QV5+dNTsSClZFFxULkxZFKk0QEU71rh4YIbgW+6FWcB/r3l4cnqoWgg91Xaa2L/GtvbMgmba8LCw9StEAMuSGXNzn1AsrfVdvyJrn3Gzc/Pz76+uRcZyKtDUr32EAl0dUVhUcfqwj/nM7nGGnrxeSl8K/nH5rnkU/8daMq6wGfmEubyaYWC+h3Mp+tUb4xaj7Ix8RUlGVPWJTpCcg64vJpRess7svmAElK3vMacJoA79A+JTL6f989dVDpVfzVru8216D0EHSPxuaTsFor0n6PK8gHiqmWfD48nyOWkfo3QKsAigiLs0oR3QNLOJfc8nKEw6nuVMXL3o4476L6KvaGkRSLZkZpPD2q71InW1VwrZpsqTFFVFCOEVP4IxMWwr+etgC28Tw0L8XBLBMEjcmT/ZN3joXh98DHUxNLIbeVkl1PbkUn940LE1FTy3xR/QataUl9ptXoTSmcZGEQeMgq12WK/WKKGbZTX8TLdiENud5rjo3gcSm8U3hXKNcFE+ySfsNehTAlF5aOOMRTsCQwXpyF3cM/UDZJn5Rf30ZD8b5r/mMBHzyq2GtO4tuH6rBI6qXeZQ1zvq2R9KLVi4lbdk3LSfFYnkaboQDfWaTj/BCQNxRdfa2fJp6Q/iedOQnN8mps3wCERcT9O7jkg9Ig+jt0yKQIldCrF/2wgE7UG32yq17EjHgDu9Fo0U0eezuKH3YL//bBPhBBswp4hjSP3N7X+gdVOq5IvwaCGQqJlYY32v04rr55HjoucecsVxxJ6J2vA44PpvN0mb+mJJg9pVih13ZK0f2rPQd6vEasKeBuQTwso0P6PAIeg3ILB0+MiwTB9l0twHRyzZ2nBiF+atxKlD2tof40BhmmCqhMqKO4B+fSZ4q4DkEyki5tUwMpWosqIYqojzfM0S6rs58dJJHRQ8m7hiJRDpkzjPwUP746zIzz9ch5VXyIfw9uUI7QYe4RHQEC/VyzCdaJtgDD2fJaxDIEf/qw87O42Zi0uINOY2gY7BpdGom5iXgLjy99l6UbbBpGWol2tbbM3iQKI3Z6588KeCmWjE1X53cJhHQZuNG6b2m1JJ0f/OFHlXJx1z52GX5T1xBfbrcDbYuIyebBcDVyOJzFnnSfm4XyBuPs6Nb8XBBTdAoi/fSXU/tQwm4fTHjEqXGeCEmlfU73F42aSzDPZ7yunfB1Z7m0Rkc6PrJvy8F7dzgd9ThQFy4AOEocNMfWt0yCKUYIL8ebDXxswS1+DMkPQhFqRKkjFWhjaXpvVXS26i8U4XEG4V4ZrCknQh0Lba6RUP9DOe+f2nqP/QmHbB+jI145Ak9Pz+iGBRHxYZRToQg7GKeD6a6yXRaJWdoCx4wj9AxZ6ZDHEV2hz7bWz+d8rk/4cZ0aH0ZluZqZMOAdW4txK390qNoNoivZY2NaUb5WoxS1CMXIIgrQUEL8jcGWfdxs88kOLZx6x6FNc6m2+NnL0ctS6giMA00JMi7T4jGzEIYa9zpTO/LEK/Bmb0on/KJ0+h7ECtvi5xC7M069/OGWXXYeVTVqkTI4o16fetJCwxGQxs9mUC/zHrGWC1Sl2TsaV9bgyuez+dlttoxmk3Yh59kNY5Eh0MXKyZyDZPKIZXL6IXxJznoQ06vocEjCtfrpS3LY+jQDJvm0heF2tz+62AMeiBO0VGotRP6LyK7z8uL+i42WNxVXcLTFXlIFfxI2jjIJ3O54qXP63HA7m1Jo7qUEoowFIGD+Sd3i/f1dZwWgMlV0GYexaMrOY2dd8fuFfEcr31WwVJMagxrmmT3Tiv21AKwwVM/88e4hkCUBlugbzs1Rd6zFm2EOBeZsXYjvO39Ah5Y2FPqNc8Ui3PKtpkW0IdUkX1oHWiSaABN4KYFqXKsaj7x0MqwAiTqUx9lJEM4C9WXFqSkA1Pme0qX0XkhVIjWXva+UI36Oy6FsA1EDE8Su6KKOAmrGLO7UE4vs2npsW7MCmXL9fIhTG+D+WhXdylETIEF2Yo8UujyJNMhTQN1eyWvadTypiYPlbUAG8h8hj5JVMjQM5rm+LjvZaabn7VYp+aiZyjaiNCYXHpxiOrEPQ5R4Zk/d6bT28d4S+WPWImI3z5svUngMvdyeHfbZOcWB2gla1/+30C+BIntmfHVu9hzRyUfQSRvBhbaxOgQ/vAe5ujg91GS+KfJ4bGwBSpKLBv6bbFdKZuDakKONOrcxguWf3qDHKukMvfX0p5nLRPzm3ii5g6IGHjSREA8Fi643i7ZrWe6ggQvUM3Mgj5lcnSHlIReYImXkIcdVBE9lsLSdGSYhO5q3HAmYCrcut7vZKsAxJqJ34db5a4ygs8Z1rkz0jRuZ6xt8LI8CqtyZvITolS5wWAobUN5gWlwtGQ9YGNK6VLxzuUiJwnJanzs0bYlyKu4vwEHDuE9S5+MmlcD5NCF9jOvX2XnzHfcE5f4Cn40jI2sVHFxDlcESEiVUOYhikfdJT+A3TKNxyy9NZthoEgQr2zi+zcml6Z9oDrUw3To7DVuK/WLIOUJGkUedBm08CDaS++s+a0Xvpfcoo154+/r9ysW/qJneAXY1iRX3wJUCe9h2WbXj5LaxMT5mmJsv86+pcLBaR+QZwS/uxxeyK+oqbmAdvVMWerMIqutRT4hCzZn8exbnMLlMMihPwEGX+5UpzbWEEi8dciKEU5H9nW9+P7svY0Es6JgPypaSmQZGxF98ihLG6IYD93yArzoIFAiwKh4UP7qQNEikHosKYV4KJLcZXei2wRvT3js29Axq4uz5I3pFLp3RJiq87w5nXieCdSyQzRcBKfLN/ElLsvuUHRtr+F2UgCMtOe8qVHqOYZ3+g28wgd9bYVGXj3ACi7mxuNWk1MsqFXzFtCiQP1IL47TweQpqFiTYWG0VmZZVxyLK4BNDDIXCEmvUxDgH2ELJckL5fZ+C3TyuWILSyy9JHdDzUFCV/r3YyHhLRwfvmWEsR3Geg7J4lwOx3qNmfgZ3+Ozb5C46bXaTm9KouYFooWu5QyftyPveXQq6ECFKHLg8SjU7H7GdDuxQpm1D+uhm6rA2emVQBHGe5Jf/nHc5wiRczGYacjW7TvtFpfAiZM7mKJ8XcCbMFJqz4qODY7KuhtfXaoXTKDGClQbuVENqNIlEU7rPR1IV,iv:fRp/qh5gAgCGEUI5gWJzt7wWyroOwkDBeM5vNd9oeMs=,tag:qq7CNEsxZcaw+VMad3VdlQ==,type:str]
shadowsocks: ENC[AES256_GCM,data:E5mqQ+E7wTS2x+F105NNpV7PR1Y29nENJBDeK28dKlRSdlXbLJKHGRUZXNfxnqa5GbhPpWY20cwyn65gt9C+JW3aJGVRK/I45VLpq1dGgkvh4tghTq7by1jwWf/Atgdwf3m3jWsgQqVgQg2w83aKt+JsIaBYQ96quJ4zGLHnJyffSgyH6pAAKLQbm7gW+7nJmMFnCESKc1RiGnnRWxNM03YLHzlMJy+4sSMdVIADOrfmLVJLlBnKLM0EP/oLd9uJMqptqfTU/oQm9nYKP++kkMuUy+hzFxVu2M3N4Nj0HWMATR9HhYiwCq6ApcuFvd11HmZ5tw==,iv:tUaiWqwFXtieaRvn7QW6nN4P1VrEHFuC+DiPiHy12ms=,tag:7lMjF3yLkgH0Rb8ZBWC3+g==,type:str]
password: ENC[AES256_GCM,data:bZ3Lx72o4obDEV6oc+By,iv:n3ul/CA/+400v1yQRMCVJSk4FhvtmsXEW1UGqnDhzoA=,tag:z1cLYr3cLVX3EumVJmNyVw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1emnd8nmqzfzeavkzcsk3drn65xky22af6r5wxwvm2k067kkt4adsqxyv2u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGaW92Q0NWcjRGcFpIOUs2
eUJrTEt6N1NyZS9zSUV4eEZmUkJTak93SVd3CkxpN0hGa0ZhKzBVZEZHdk5Cb0lh
M2lNc3BPM25wdXBTRHVKN0FoTXQ2eUEKLS0tIDNVeGs2OXdVTUVaUmE5OG10eUdO
Q2o4THkzODJJTzljM0wreS9BeUhvR28KPTe0SBbhzh5wgwGLChmojOhK/VD0twYY
g87MNWzHgRkWuQb92xRgIHcSPFuqVZ5YIQqjt9w4CXRKjlXovTDnhQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-05T17:29:58Z"
mac: ENC[AES256_GCM,data:tTQOrH53G6EVcKsgUPYQd2a8ViorpWNTx4bo+iWstN3O4cJPd0U9P9CK0GmyPKYcZxNxRAVellIHUMkjdVR7qJNHHYoPh2XhyOLuMsOcgl45f14RYzWHUPmtNm+UTjtiVvei3Hy0w+DZnz/XAsVBh7SZDsm6Bw4Ygpk18hfktcs=,iv:ntroBAGPxuqZn7RG+cltiDr4UCXbVHTZeV9UDXG8aa8=,tag:adh/xO1pW4yVVo+tIL+oMQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0