Initial commit

m/default.nix

@@ -0,0 +1,14 @@
+{
+  imports = [
+    ./sops.nix
+    ./hypr.nix
+    ./ly.nix
+    ./sys.nix
+    ./unfree.nix
+    ./firefox.nix
+    ./home
+    ./vpn
+
+    ./masters
+  ];
+}

m/firefox.nix

@@ -0,0 +1,13 @@
+{ config, lib, ... }:
+let
+  firefox = config.maid.firefox;
+in
+{
+  options.maid.firefox = {
+    enable = lib.mkEnableOption "firefox";
+  };
+
+  config.programs.firefox = lib.mkIf firefox.enable {
+    enable = true;
+  };
+}

m/home/default.nix

@@ -0,0 +1,14 @@
+{ config, lib, ... }:
+let
+  hm = config.maid.hm;
+in
+{
+  options.maid.hm = {
+    enable = lib.mkEnableOption "home-manager";
+  };
+
+  config.home-manager = lib.mkIf hm.enable {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+  };
+}

m/home/helix/default.nix

@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+let
+  sonokai = import themes/sonokai;
+  langs = (import ./langs) pkgs;
+in
+{
+  programs.helix = {
+    enable = true;
+
+    settings = {
+      theme = "sonokai-andromeda";
+      editor.cursor-shape = {
+        normal = "block";
+        insert = "bar";
+        select = "underline";
+      };
+    };
+
+    languages = {
+      language-server.rust-analyzer.config = {
+        rust.analyzerTargetDir = true;
+      };
+    };
+    themes = {
+      sonokai-andromeda = sonokai "andromeda";
+    };
+  };
+}

m/home/helix/langs/default.nix

@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+rec {
+  use = name: (import ./${"${name}.nix"}) pkgs;
+  combine = lhs: rhs: {
+    lsp = (lhs.lsp or {}) // (rhs.lsp or {});
+    entries = (lhs.entries or []) ++ (rhs.entries or []);
+  };
+
+  intoHelixFormat = cfg: {
+    language-server = cfg.lsp;
+    language = cfg.entries;
+  };
+  useMany = langs: builtins.foldl' combine {} (map use langs);
+}
+

m/home/helix/langs/nix.nix

@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+{
+  lsp.nixd = {
+    command = "${pkgs.nixd}/bin/nixd";
+  };
+  entries = [{
+    name = "Nix";
+    scope = "source.nix";
+    injection-regex = "nix";
+    file-types = ["nix"];
+    comment-tokens = "#";
+    indent = { tab-width = 2; unit = "  "; };
+    language-servers = [ "nixd" ];
+  }];
+}

m/home/helix/themes/sonokai/default.nix

@@ -0,0 +1,179 @@
+palette:
+{
+  "attribute" = "purple";
+  "comment" = "grey";
+  "constant" = "purple";
+  "constant.character.escape" = "orange";
+  "constant.numeric" = "purple";
+  "constructor" = "blue";
+  "diagnostic" = { "underlined" = { "style" = "line"; }; };
+  "diagnostic.error" = {
+    "underline" = {
+      "color" = "red";
+      "style" = "curl";
+    };
+  };
+  "diagnostic.hint" = {
+    "underline" = {
+      "color" = "blue";
+      "style" = "dotted";
+    };
+  };
+  "diagnostic.info" = {
+    "underline" = {
+      "color" = "green";
+      "style" = "dotted";
+    };
+  };
+  "diagnostic.warning" = {
+    "underline" = {
+      "color" = "yellow";
+      "style" = "curl";
+    };
+  };
+  "diff.delta" = "orange";
+  "diff.minus" = "red";
+  "diff.plus" = "green";
+  "error" = "red";
+  "function" = "green";
+  "function.builtin" = "blue";
+  "function.macro" = "purple";
+  "hint" = "blue";
+  "info" = "green";
+  "keyword" = "red";
+  "keyword.directive" = "purple";
+  "label" = "orange";
+  "markup.bold" = { "modifiers" = [ "bold" ]; };
+  "markup.heading.1" = {
+    "fg" = "red";
+    "modifiers" = [ "bold" ];
+  };
+  "markup.heading.2" = {
+    "fg" = "orange";
+    "modifiers" = [ "bold" ];
+  };
+  "markup.heading.3" = {
+    "fg" = "yellow";
+    "modifiers" = [ "bold" ];
+  };
+  "markup.heading.4" = {
+    "fg" = "green";
+    "modifiers" = [ "bold" ];
+  };
+  "markup.heading.5" = {
+    "fg" = "blue";
+    "modifiers" = [ "bold" ];
+  };
+  "markup.heading.6" = {
+    "fg" = "fg";
+    "modifiers" = [ "bold" ];
+  };
+  "markup.heading.marker" = "grey";
+  "markup.italic" = { "modifiers" = [ "italic" ]; };
+  "markup.link.text" = "purple";
+  "markup.link.url" = {
+    "fg" = "blue";
+    "modifiers" = [ "underlined" ];
+  };
+  "markup.list" = "red";
+  "markup.quote" = "grey";
+  "markup.raw" = "green";
+  "module" = "blue";
+  "namespace" = "blue";
+  "operator" = "orange";
+  "punctuation" = "grey";
+  "punctuation.bracket" = "fg";
+  "punctuation.delimiter" = "grey";
+  "special" = "orange";
+  "string" = "yellow";
+  "string.regexp" = "orange";
+  "tag" = "yellow";
+  "type" = "blue";
+  "ui.background" = { "bg" = "bg0"; };
+  "ui.background.separator" = "grey";
+  "ui.bufferline" = {
+    "bg" = "bg1";
+    "fg" = "grey";
+  };
+  "ui.bufferline.active" = {
+    "bg" = "bg4";
+    "fg" = "fg";
+    "modifiers" = [ "bold" ];
+  };
+  "ui.cursor" = {
+    "bg" = "fg";
+    "fg" = "bg0";
+  };
+  "ui.cursor.insert" = {
+    "bg" = "grey";
+    "fg" = "black";
+  };
+  "ui.cursor.match" = {
+    "bg" = "diff_yellow";
+    "fg" = "orange";
+  };
+  "ui.cursor.select" = {
+    "bg" = "blue";
+    "fg" = "bg0";
+  };
+  "ui.cursorline.primary" = { "bg" = "bg1"; };
+  "ui.cursorline.secondary" = { "bg" = "bg1"; };
+  "ui.help" = {
+    "bg" = "bg2";
+    "fg" = "fg";
+  };
+  "ui.linenr" = "grey";
+  "ui.linenr.selected" = "fg";
+  "ui.menu" = {
+    "bg" = "bg3";
+    "fg" = "fg";
+  };
+  "ui.menu.selected" = {
+    "bg" = "green";
+    "fg" = "bg0";
+  };
+  "ui.popup" = {
+    "bg" = "bg2";
+    "fg" = "grey";
+  };
+  "ui.selection" = { "bg" = "bg4"; };
+  "ui.statusline" = {
+    "bg" = "bg3";
+    "fg" = "fg";
+  };
+  "ui.statusline.inactive" = {
+    "bg" = "bg1";
+    "fg" = "grey";
+  };
+  "ui.statusline.insert" = {
+    "bg" = "yellow";
+    "fg" = "bg0";
+    "modifiers" = [ "bold" ];
+  };
+  "ui.statusline.normal" = {
+    "bg" = "fg";
+    "fg" = "bg0";
+    "modifiers" = [ "bold" ];
+  };
+  "ui.statusline.select" = {
+    "bg" = "blue";
+    "fg" = "bg0";
+    "modifiers" = [ "bold" ];
+  };
+  "ui.text" = "fg";
+  "ui.text.focus" = "green";
+  "ui.virtual.indent-guide" = { "fg" = "bg4"; };
+  "ui.virtual.ruler" = { "bg" = "bg2"; };
+  "ui.virtual.whitespace" = { "fg" = "bg4"; };
+  "ui.window" = {
+    "bg" = "bg0";
+    "fg" = "grey";
+  };
+  "variable" = "fg";
+  "variable.builtin" = "orange";
+  "variable.other.member" = "fg";
+  "variable.parameter" = "fg";
+  "warning" = "yellow";
+
+  palette = import (./. + "/palettes/${palette}.nix");
+}

m/home/helix/themes/sonokai/palettes/andromeda.nix

@@ -0,0 +1,25 @@
+{
+  black = "#181a1c";
+  bg0 = "#2b2d3a";
+  bg1 = "#333648";
+  bg2 = "#363a4e";
+  bg3 = "#393e53";
+  bg4 = "#3f445b";
+  bg_red = "#ff6188";
+  diff_red = "#55393d";
+  bg_green = "#a9dc76";
+  diff_green = "#394634";
+  bg_blue = "#77d5f0";
+  diff_blue = "#354157";
+  diff_yellow = "#4e432f";
+  fg = "#e1e3e4";
+  red = "#fb617e";
+  orange = "#f89860";
+  yellow = "#edc763";
+  green = "#9ed06c";
+  cyan = "#ef9062"; # added for compatibility with `edge` scheme
+  blue = "#6dcae8";
+  purple = "#bb97ee";
+  grey = "#7e8294";
+  grey_dim = "#5a5e7a";
+}

m/hypr.nix

@@ -0,0 +1,15 @@
+{ lib, config, inputs, pkgs, ... }:
+let
+  hypr = config.maid.hypr;
+in
+{
+  options.maid.hypr = {
+    enable = lib.mkEnableOption "hyprland";
+  };
+
+  config.programs.hyprland = lib.mkIf hypr.enable {
+    enable = true;
+    package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
+    portalPackage = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
+  };
+}

m/ly.nix

@@ -0,0 +1,13 @@
+{ lib, config, ... }:
+let
+  ly = config.maid.ly;
+in
+{
+  options.maid.ly = {
+    enable = lib.mkEnableOption "ly";
+  };
+
+  config.services.displayManager.ly = lib.mkIf ly.enable {
+    enable = true;
+  };
+}

m/masters/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./nero.nix
+  ];
+}

m/masters/nero.nix

@@ -0,0 +1,38 @@
+{ lib, config, ... }:
+let
+  types = lib.types;
+  masters = config.maid.masters;
+  hm = config.maid.hm;
+
+  mkUser = name: {
+    enable = lib.mkEnableOption name;
+    override = lib.mkOption {
+      type = types.attrs;
+      default = {};
+    };
+  };
+in
+{
+  options.maid.masters = {
+    nero = mkUser "nero";
+  };
+
+  config = lib.mkIf masters.nero.enable {
+    sops.secrets."users/nero/passwordHash" = {
+      neededForUsers = true;
+      sopsFile = ../../secrets/users.yaml;
+    };
+
+    home-manager.users.nero = lib.mkIf hm.enable (import nero/home.nix);
+
+    users.users.nero = {
+      isNormalUser = true;
+      uid = 1337;
+      hashedPasswordFile = config.sops.secrets."users/nero/passwordHash".path;
+
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaWnT7mpLERhm3zIWglNy094a7F7d7cpEImLZYwwWoS nero@lil-maid"
+      ];
+    } // masters.nero.override;
+  };
+}

m/masters/nero/home.nix

@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+{
+  imports = [];
+
+  home.username = "nero";
+  home.homeDirectory = "/home/nero";
+  home.stateVersion = "24.05";
+
+  home.file = {
+    ".cargo/config.toml" = {
+      text = ''
+        [net]
+        git-fetch-with-cli = true 
+
+        [target.x86_64-unknown-linux-gnu] 
+        rustflags = ["-C", "link-arg=--ld-path=${pkgs.mold}/bin/mold"]
+      '';
+    };
+  };
+}

m/sops.nix

@@ -0,0 +1,28 @@
+{ lib, config, ... }:
+let
+  sops = config.maid.sops;
+in
+{
+  options.maid.sops = {
+    enable = lib.mkEnableOption "sops";
+
+    work.enable = lib.mkEnableOption "work secrets";
+    viendesu.enable = lib.mkEnableOption "VienDesu!";
+  };
+
+  config.sops = lib.mkIf sops.enable {
+    age.keyFile = "/var/lib/sops-nix/key.txt";
+
+    secrets = lib.mkMerge [
+      (lib.mkIf sops.viendesu.enable {
+        "viendesu/shadowsocks/gneg".sopsFile = ../secrets/viendesu.yaml;
+        "viendesu/shadowsocks/yor".sopsFile = ../secrets/viendesu.yaml;
+      })
+      (lib.mkIf sops.work.enable {
+        "work/ovpn".sopsFile = ../secrets/work.yaml;
+        "work/password".sopsFile = ../secrets/work.yaml;
+        "work/shadowsocks".sopsFile = ../secrets/work.yaml;
+      })
+    ];
+  };
+}

m/sys.nix

@@ -0,0 +1,22 @@
+{ lib, config, ... }:
+let
+  types = lib.types;
+  sys = config.maid.sys;
+in
+{
+  options.maid.sys = {
+    enable = lib.mkEnableOption "whole maid system";
+    tz = lib.mkOption {
+      type = types.str;
+      default = "Europe/Moscow";
+    };
+    hostname = lib.mkOption {
+      type = types.str;
+    };
+  };
+
+  config = lib.mkIf sys.enable {
+    time.timeZone = sys.tz;
+    networking.hostName = sys.hostname;
+  };
+}

m/unfree.nix

@@ -0,0 +1,14 @@
+{ config, lib, ... }:
+let
+  unfree = config.maid.unfree;
+  types = lib.types;
+in
+{
+  options.maid.unfree = lib.mkOption {
+    type = types.listOf types.str;
+    description = "unfree software list";
+    default = [];
+  };
+
+  config.nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.maid.unfree;
+}

m/vpn/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./hft.nix
+  ];
+}

m/vpn/hft.nix

@@ -0,0 +1,39 @@
+{ pkgs, lib, config, ... }:
+let
+  types = lib.types;
+  hft = config.maid.vpn.hft;
+in
+{
+  options.maid.vpn.hft = {
+    enable = lib.mkEnableOption "OpenVPN HFT";
+    autoStart = lib.mkOption {
+      type = types.bool;
+      default = false;
+      description = "Whether to start VPN on system start";
+    };
+  };
+
+  config = lib.mkIf hft.enable {
+    services.openvpn.servers.hft = {
+      autoStart = hft.autoStart;
+      updateResolvConf = true;
+
+      config = ''
+        config ${config.sops.secrets."work/ovpn".path}
+        askpass ${config.sops.secrets."work/password".path}
+      '';
+    };
+
+    systemd.services.hft-shadowsocks = {
+      wantedBy = [ "openvpn-hft.service" ];
+      partOf = [ "openvpn-hft.service" ];
+      after = [ "network.target" ];
+
+      description = "Shadowsocks to bypass OpenVPN block";
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = ''${pkgs.shadowsocks-rust}/bin/sslocal --config ${config.sops.secrets."work/shadowsocks".path}'';
+      };
+    };
+  };
+}