hosts/modularization

hosts/archangel/configuration.nix

@@ -8,135 +8,26 @@
   ...
 }: {
   imports = [
-    # Include the results of the hardware scan.
     ./disko.nix
     ./hardware-configuration.nix
+    ../../modules/nixos/networking/default.nix
+    ../../modules/nixos/virtualization/default.nix
+    ../../modules/nixos/common.nix
+    ../../modules/nixos/fonts.nix
+    ../../modules/nixos/services.nix
+    ../../modules/nixos/users/tulg.nix
   ];
 
   # Bootloader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
-  networking = {
-    hostName = "archangel";
-    nameservers = ["127.0.0.1" "::1"];
-  };
+  networking.hostName = "archangel";
 
-  services.dnscrypt-proxy2 = {
-    enable = true;
-    settings = {
-      listen_addresses = ["127.0.0.1:53" "[::1]:53"];
-    };
-  };
-
-  services.zapret = {
-    enable = true;
-    params = [
-      "--dpi-desync=fake"
-      "--dpi-desync-ttl=8"
-    ];
-  };
-
-  networking.networkmanager.enable = true; # Enables wireless support via wpa_supplicant.
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-  # Enable networking
-
-  # Set your time zone.
-  time.timeZone = "Europe/Istanbul";
-
-  hardware.bluetooth = {
-    enable = true;
-    powerOnBoot = true;
-    settings = {
-      General = {
-        # Shows battery charge of connected devices on supported
-        # Bluetooth adapters. Defaults to 'false'.
-        Experimental = true;
-        # When enabled other devices can connect faster to us, however
-        # the tradeoff is increased power consumption. Defaults to
-        # 'false'.
-        FastConnectable = true;
-      };
-      Policy = {
-        # Enable all controllers when they are found. This includes
-        # adapters present on start as well as adapters that are plugged
-        # in later on. Defaults to 'true'.
-        AutoEnable = true;
-      };
-    };
-  };
-  services.blueman.enable = true;
-  # Select internationalisation properties.
-  services.getty.autologinUser = "tulg";
   programs.hyprland = {
     enable = true;
     xwayland.enable = true;
   };
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.tulg = {
-    isNormalUser = true;
-    description = "Tulga";
-    extraGroups = ["networkmanager" "network " "wheel"];
-    packages = with pkgs; [];
-  };
-
-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-    #  wget
-    git
-    rose-pine-gtk-theme
-  ];
-
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
-  services.openssh = {
-    enable = true;
-    settings = {
-      PasswordAuthentication = true;
-      PermitRootLogin = "yes";
-    };
-  };
-  fonts = {
-    packages = with pkgs; [
-      noto-fonts
-      noto-fonts-cjk-sans
-      noto-fonts-color-emoji
-      nerd-fonts.symbols-only
-      liberation_ttf
-      font-awesome
-      fira
-      fira-sans
-      fira-code
-      fira-code-symbols
-    ];
-
-    enableDefaultPackages = true;
-    fontconfig = {
-      enable = true;
-      defaultFonts = {
-        sansSerif = ["Fira Sans Regular"];
-        serif = ["Fira Sans Regular"];
-        monospace = ["Fira Mono Regular"];
-      };
-    };
-  };
 
   powerManagement.powertop.enable = true;
   services.upower.enable = true;
@@ -153,33 +44,6 @@
       };
     };
   };
-  services.gvfs.enable = true; # Mount, trash, and other functionalities
-  services.tumbler.enable = true; # Thumbnail support for images
-  programs.thunar.enable = true;
-  programs.xfconf.enable = true;
-  programs.thunar.plugins = with pkgs.xfce; [
-    thunar-archive-plugin
-    thunar-volman
-  ];
 
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-  users.users."root".openssh.authorizedKeys.keys = [
-    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIefprdYz4gFgBqGlrkycWcTYxFttQHRjDQmREtQTiGyqK1gQiB4z4Cbiayt7Emq224sbaobQPlNSyhlBCSo/Wf0bmZMz8NwNdwhFSkDnyD6LPaHg8fv9FXnWW0wBMl4oSD2wfGbMQBrecjgHXfJ64UiHyyhDllDDtWGgoY75wwfWHzX/NiGaEi0LHCQ8dsgp7H+BhssTkJPZbv6BJcA34yfb6dISjvW2S/QGKMwgYr9ArfGLUTWPbj+EbL7Bf9VsTFe9nP+FnYqEu4+oBIbY2heXWA+FCi0zxmMY4oYJxT5cJi1nffVOxboKLm4kIT93gv1WdcDiQDVdy5sJ1q0gJyiRt1HfJW4l8jn36VJ0FvdGmRliOTzSfeER0gbIsOcxeArHRV3ff/CoSocnSs0To5vFKgjlGwhdE8sJsqILgZnIoKwVvOXuDOz/RhbdBPpVsG7upk7bLJtLv9P5h0h/gUIWA1iktaYBSDL0UofjSrfNhZH6M0P+soIuooanSlVGivTlASw1pd+gjvebbc9ksvGZVqPQT0XegIvZkwfu8moERZUqv/xhNcyWTEGfFKoeHt5ub8Ac0LOe9Ak6N+p8xDjTdkmUgte5J/CNL1JL3JA/iqocAo+VvmIbPatbrOwUNcROOS3WeFg8MfNrbDyYCVNbZWAyM6wwfLB2fIUB2jw== tulg@highcommand" # content of authorized_keys file
-  ];
-  users.users."tulg".openssh.authorizedKeys.keys = [
-    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIefprdYz4gFgBqGlrkycWcTYxFttQHRjDQmREtQTiGyqK1gQiB4z4Cbiayt7Emq224sbaobQPlNSyhlBCSo/Wf0bmZMz8NwNdwhFSkDnyD6LPaHg8fv9FXnWW0wBMl4oSD2wfGbMQBrecjgHXfJ64UiHyyhDllDDtWGgoY75wwfWHzX/NiGaEi0LHCQ8dsgp7H+BhssTkJPZbv6BJcA34yfb6dISjvW2S/QGKMwgYr9ArfGLUTWPbj+EbL7Bf9VsTFe9nP+FnYqEu4+oBIbY2heXWA+FCi0zxmMY4oYJxT5cJi1nffVOxboKLm4kIT93gv1WdcDiQDVdy5sJ1q0gJyiRt1HfJW4l8jn36VJ0FvdGmRliOTzSfeER0gbIsOcxeArHRV3ff/CoSocnSs0To5vFKgjlGwhdE8sJsqILgZnIoKwVvOXuDOz/RhbdBPpVsG7upk7bLJtLv9P5h0h/gUIWA1iktaYBSDL0UofjSrfNhZH6M0P+soIuooanSlVGivTlASw1pd+gjvebbc9ksvGZVqPQT0XegIvZkwfu8moERZUqv/xhNcyWTEGfFKoeHt5ub8Ac0LOe9Ak6N+p8xDjTdkmUgte5J/CNL1JL3JA/iqocAo+VvmIbPatbrOwUNcROOS3WeFg8MfNrbDyYCVNbZWAyM6wwfLB2fIUB2jw== tulg@highcommand" # content of authorized_keys file
-  ];
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  nix.settings.experimental-features = ["nix-command" "flakes"];
-  services.displayManager.ly.enable = true;
   system.stateVersion = "25.05"; # Did you read the comment?
 }

hosts/virgil/configuration.nix

@@ -8,175 +8,20 @@
     ./disko.nix
     ./hardware-configuration.nix
     ./vfio.nix
+    ../../modules/nixos/networking/default.nix
+    ../../modules/nixos/virtualization/default.nix
+    ../../modules/nixos/common.nix
+    ../../modules/nixos/fonts.nix
+    ../../modules/nixos/services.nix
+    ../../modules/nixos/users/tulg.nix
   ];
-
-  # Bootloader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-  #  boot.kernelPackages = pkgs.linuxPackages_6_1;
-  networking = {
-    hostName = "virgil";
-    nameservers = ["127.0.0.1" "::1"];
-  };
-  hardware.bluetooth = {
-    enable = true;
-    powerOnBoot = true;
-    settings = {
-      General = {
-        # Shows battery charge of connected devices on supported
-        # Bluetooth adapters. Defaults to 'false'.
-        Experimental = true;
-        # When enabled other devices can connect faster to us, however
-        # the tradeoff is increased power consumption. Defaults to
-        # 'false'.
-        FastConnectable = true;
-      };
-      Policy = {
-        # Enable all controllers when they are found. This includes
-        # adapters present on start as well as adapters that are plugged
-        # in later on. Defaults to 'true'.
-        AutoEnable = true;
-      };
-    };
-  };
-  services.blueman.enable = true;
-
-  services.dnscrypt-proxy = {
-    enable = true;
-    settings = {
-      listen_addresses = ["127.0.0.1:53" "[::1]:53"];
-
-      ignore_system_dns = true;
-
-      bootstrap_resolvers = [
-        "9.9.9.9:53"
-        "149.112.112.112:53"
-        "1.1.1.1:53"
-      ];
-
-      fallback_resolvers = [
-        "9.9.9.9:53"
-        "1.1.1.1:53"
-      ];
-    };
-  };
-  systemd.services.zapret.after = ["network-online.target"];
-  systemd.services.zapret.wants = ["network-online.target"];
-  services.zapret = {
-    enable = true;
-    params = [
-      "--dpi-desync=fake"
-      "--dpi-desync-ttl=8"
-    ];
-  };
-  networking.networkmanager = {
-    enable = true;
-    dns = "none";
-  };
-  programs.bash.shellAliases = {
-    fuck = "you";
-  };
-
-  time.timeZone = "Europe/Istanbul";
   programs.hyprland = {
     enable = true;
     xwayland.enable = true;
   };
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.tulg = {
-    isNormalUser = true;
-    description = "Tulga";
-    initialPassword = "fuckyou";
-    extraGroups = ["networkmanager" "wheel" "libvirtd" "kvm"];
-    packages = with pkgs; [];
-  };
-  programs.virt-manager.enable = true;
-  virtualisation.libvirtd = {
-    enable = true;
-    qemu.runAsRoot = false;
-    onBoot = "ignore";
-    onShutdown = "shutdown";
-  };
-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
-  environment.systemPackages = with pkgs; [
-    git
-    rose-pine-gtk-theme
-    virtiofsd
-    linux-pam
-    lm_sensors
-    #fancontrol
-  ];
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  networking.hostName = "virgil";
 
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
-  services.openssh = {
-    enable = true;
-    settings = {
-      PasswordAuthentication = true;
-      PermitRootLogin = "yes";
-    };
-  };
-  fonts = {
-    packages = with pkgs; [
-      noto-fonts
-      noto-fonts-cjk-sans
-      #noto-fonts-emoji
-      nerd-fonts.symbols-only
-      liberation_ttf
-      font-awesome
-      fira
-      fira-sans
-      fira-code
-      fira-code-symbols
-    ];
-
-    enableDefaultPackages = true;
-    fontconfig = {
-      enable = true;
-      defaultFonts = {
-        sansSerif = ["Fira Sans Regular"];
-        serif = ["Fira Sans Regular"];
-        monospace = ["Fira Mono Regular"];
-      };
-    };
-  };
-  services.gvfs.enable = true; # Mount, trash, and other functionalities
-  services.tumbler.enable = true; # Thumbnail support for images
-  programs.thunar.enable = true;
-  programs.xfconf.enable = true;
-  programs.thunar.plugins = with pkgs.xfce; [
-    thunar-archive-plugin
-    thunar-volman
-  ];
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-  users.users."root".openssh.authorizedKeys.keys = [
-    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIefprdYz4gFgBqGlrkycWcTYxFttQHRjDQmREtQTiGyqK1gQiB4z4Cbiayt7Emq224sbaobQPlNSyhlBCSo/Wf0bmZMz8NwNdwhFSkDnyD6LPaHg8fv9FXnWW0wBMl4oSD2wfGbMQBrecjgHXfJ64UiHyyhDllDDtWGgoY75wwfWHzX/NiGaEi0LHCQ8dsgp7H+BhssTkJPZbv6BJcA34yfb6dISjvW2S/QGKMwgYr9ArfGLUTWPbj+EbL7Bf9VsTFe9nP+FnYqEu4+oBIbY2heXWA+FCi0zxmMY4oYJxT5cJi1nffVOxboKLm4kIT93gv1WdcDiQDVdy5sJ1q0gJyiRt1HfJW4l8jn36VJ0FvdGmRliOTzSfeER0gbIsOcxeArHRV3ff/CoSocnSs0To5vFKgjlGwhdE8sJsqILgZnIoKwVvOXuDOz/RhbdBPpVsG7upk7bLJtLv9P5h0h/gUIWA1iktaYBSDL0UofjSrfNhZH6M0P+soIuooanSlVGivTlASw1pd+gjvebbc9ksvGZVqPQT0XegIvZkwfu8moERZUqv/xhNcyWTEGfFKoeHt5ub8Ac0LOe9Ak6N+p8xDjTdkmUgte5J/CNL1JL3JA/iqocAo+VvmIbPatbrOwUNcROOS3WeFg8MfNrbDyYCVNbZWAyM6wwfLB2fIUB2jw== tulg@highcommand" # content of authorized_keys file
-  ];
-  users.users."tulg".openssh.authorizedKeys.keys = [
-    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIefprdYz4gFgBqGlrkycWcTYxFttQHRjDQmREtQTiGyqK1gQiB4z4Cbiayt7Emq224sbaobQPlNSyhlBCSo/Wf0bmZMz8NwNdwhFSkDnyD6LPaHg8fv9FXnWW0wBMl4oSD2wfGbMQBrecjgHXfJ64UiHyyhDllDDtWGgoY75wwfWHzX/NiGaEi0LHCQ8dsgp7H+BhssTkJPZbv6BJcA34yfb6dISjvW2S/QGKMwgYr9ArfGLUTWPbj+EbL7Bf9VsTFe9nP+FnYqEu4+oBIbY2heXWA+FCi0zxmMY4oYJxT5cJi1nffVOxboKLm4kIT93gv1WdcDiQDVdy5sJ1q0gJyiRt1HfJW4l8jn36VJ0FvdGmRliOTzSfeER0gbIsOcxeArHRV3ff/CoSocnSs0To5vFKgjlGwhdE8sJsqILgZnIoKwVvOXuDOz/RhbdBPpVsG7upk7bLJtLv9P5h0h/gUIWA1iktaYBSDL0UofjSrfNhZH6M0P+soIuooanSlVGivTlASw1pd+gjvebbc9ksvGZVqPQT0XegIvZkwfu8moERZUqv/xhNcyWTEGfFKoeHt5ub8Ac0LOe9Ak6N+p8xDjTdkmUgte5J/CNL1JL3JA/iqocAo+VvmIbPatbrOwUNcROOS3WeFg8MfNrbDyYCVNbZWAyM6wwfLB2fIUB2jw== tulg@highcommand" # content of authorized_keys file
-  ];
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  nix.settings.experimental-features = ["nix-command" "flakes"];
-  services.displayManager.ly.enable = true;
   system.stateVersion = "25.05"; # Did you read the comment?
 }

modules/home-manager/desktop/default.nix

@@ -5,5 +5,6 @@
     ./hyprland.nix
     ./spicetify.nix
     ./browsers/zen.nix
+    ./vscode.nix
   ];
 }

modules/home-manager/desktop/vscode.nix

@@ -0,0 +1,15 @@
+{
+  lib,
+  pkgs,
+  ...
+}: {
+  programs.vscode = {
+    enable = true;
+    profiles.default.extensions = with pkgs.vscode-extensions; [
+      pkgs.vscode-extensions.kamadorueda.alejandra
+      pkgs.vscode-extensions.jnoortheen.nix-ide
+    ];
+    profiles.tulg.userSettings = {
+    };
+  };
+}

modules/home-manager/home.nix

@@ -7,57 +7,13 @@
   imports = [
     ./cli/default.nix
     ./desktop/default.nix
+    ./pkgs.nix
   ];
   # Home Manager settings
   nix.nixPath = ["nixpkgs=${inputs.nixpkgs}"];
   home.username = "tulg";
   home.homeDirectory = "/home/tulg";
   home.stateVersion = "25.05";
-  home.packages = with pkgs; [
-    quickshell
-    networkmanagerapplet
-    inputs.noctalia.packages.${pkgs.system}.default
-    wdisplays
-    nwg-look
-    restic
-    rose-pine-gtk-theme
-    alejandra
-    prismlauncher
-    arc-theme
-    cliphist
-    swappy
-    mpv
-    pkgs.looking-glass-client
-    tmux
-    fastfetch
-    btop
-    pavucontrol
-    wl-clipboard
-    hyprcursor
-    parsec-bin
-    file-roller
-    hyprpaper
-    hyprpolkitagent
-    pkgs.nixd
-    swww
-    grim
-    slurp
-    inxi
-    waybar
-    wofi
-    mako
-    feh
-    kitty
-  ];
-  programs.vscode = {
-    enable = true;
-    profiles.default.extensions = with pkgs.vscode-extensions; [
-      pkgs.vscode-extensions.kamadorueda.alejandra
-      pkgs.vscode-extensions.jnoortheen.nix-ide
-    ];
-    profiles.tulg.userSettings = {
-    };
-  };
 
   programs.vesktop.enable = true;
 }

modules/home-manager/pkgs.nix

@@ -0,0 +1,42 @@
+{
+  pkgs,
+  inputs,
+  ...
+}: {
+  home.packages = with pkgs; [
+    quickshell
+    networkmanagerapplet
+    inputs.noctalia.packages.${pkgs.system}.default
+    wdisplays
+    nwg-look
+    restic
+    rose-pine-gtk-theme
+    alejandra
+    prismlauncher
+    arc-theme
+    cliphist
+    swappy
+    mpv
+    pkgs.looking-glass-client
+    tmux
+    fastfetch
+    btop
+    pavucontrol
+    wl-clipboard
+    hyprcursor
+    parsec-bin
+    file-roller
+    hyprpaper
+    hyprpolkitagent
+    pkgs.nixd
+    swww
+    grim
+    slurp
+    inxi
+    waybar
+    wofi
+    mako
+    feh
+    kitty
+  ];
+}

modules/nixos/common.nix

@@ -0,0 +1,12 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [
+    git
+    rose-pine-gtk-theme
+    virtiofsd
+    linux-pam
+    lm_sensors
+  ];
+  nixpkgs.config.allowUnfree = true;
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+  time.timeZone = "Europe/Istanbul";
+}

modules/nixos/fonts.nix

@@ -0,0 +1,26 @@
+{pkgs, ...}: {
+  fonts = {
+    packages = with pkgs; [
+      noto-fonts
+      noto-fonts-cjk-sans
+      #noto-fonts-emoji
+      nerd-fonts.symbols-only
+      liberation_ttf
+      font-awesome
+      fira
+      fira-sans
+      fira-code
+      fira-code-symbols
+    ];
+
+    enableDefaultPackages = true;
+    fontconfig = {
+      enable = true;
+      defaultFonts = {
+        sansSerif = ["Fira Sans Regular"];
+        serif = ["Fira Sans Regular"];
+        monospace = ["Fira Mono Regular"];
+      };
+    };
+  };
+}

modules/nixos/networking/bluetooth.nix

@@ -0,0 +1,24 @@
+{
+  hardware.bluetooth = {
+    enable = true;
+    powerOnBoot = true;
+    settings = {
+      General = {
+        # Shows battery charge of connected devices on supported
+        # Bluetooth adapters. Defaults to 'false'.
+        Experimental = true;
+        # When enabled other devices can connect faster to us, however
+        # the tradeoff is increased power consumption. Defaults to
+        # 'false'.
+        FastConnectable = true;
+      };
+      Policy = {
+        # Enable all controllers when they are found. This includes
+        # adapters present on start as well as adapters that are plugged
+        # in later on. Defaults to 'true'.
+        AutoEnable = true;
+      };
+    };
+  };
+  services.blueman.enable = true;
+}

modules/nixos/networking/default.nix

@@ -0,0 +1,13 @@
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: {
+  imports = [
+    ./bluetooth.nix
+    ./ssh.nix
+    ./zapret.nix
+  ];
+}

modules/nixos/networking/ssh.nix

@@ -0,0 +1,15 @@
+{
+  users.users."root".openssh.authorizedKeys.keys = [
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIefprdYz4gFgBqGlrkycWcTYxFttQHRjDQmREtQTiGyqK1gQiB4z4Cbiayt7Emq224sbaobQPlNSyhlBCSo/Wf0bmZMz8NwNdwhFSkDnyD6LPaHg8fv9FXnWW0wBMl4oSD2wfGbMQBrecjgHXfJ64UiHyyhDllDDtWGgoY75wwfWHzX/NiGaEi0LHCQ8dsgp7H+BhssTkJPZbv6BJcA34yfb6dISjvW2S/QGKMwgYr9ArfGLUTWPbj+EbL7Bf9VsTFe9nP+FnYqEu4+oBIbY2heXWA+FCi0zxmMY4oYJxT5cJi1nffVOxboKLm4kIT93gv1WdcDiQDVdy5sJ1q0gJyiRt1HfJW4l8jn36VJ0FvdGmRliOTzSfeER0gbIsOcxeArHRV3ff/CoSocnSs0To5vFKgjlGwhdE8sJsqILgZnIoKwVvOXuDOz/RhbdBPpVsG7upk7bLJtLv9P5h0h/gUIWA1iktaYBSDL0UofjSrfNhZH6M0P+soIuooanSlVGivTlASw1pd+gjvebbc9ksvGZVqPQT0XegIvZkwfu8moERZUqv/xhNcyWTEGfFKoeHt5ub8Ac0LOe9Ak6N+p8xDjTdkmUgte5J/CNL1JL3JA/iqocAo+VvmIbPatbrOwUNcROOS3WeFg8MfNrbDyYCVNbZWAyM6wwfLB2fIUB2jw== tulg@highcommand" # content of authorized_keys file
+  ];
+  users.users."tulg".openssh.authorizedKeys.keys = [
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIefprdYz4gFgBqGlrkycWcTYxFttQHRjDQmREtQTiGyqK1gQiB4z4Cbiayt7Emq224sbaobQPlNSyhlBCSo/Wf0bmZMz8NwNdwhFSkDnyD6LPaHg8fv9FXnWW0wBMl4oSD2wfGbMQBrecjgHXfJ64UiHyyhDllDDtWGgoY75wwfWHzX/NiGaEi0LHCQ8dsgp7H+BhssTkJPZbv6BJcA34yfb6dISjvW2S/QGKMwgYr9ArfGLUTWPbj+EbL7Bf9VsTFe9nP+FnYqEu4+oBIbY2heXWA+FCi0zxmMY4oYJxT5cJi1nffVOxboKLm4kIT93gv1WdcDiQDVdy5sJ1q0gJyiRt1HfJW4l8jn36VJ0FvdGmRliOTzSfeER0gbIsOcxeArHRV3ff/CoSocnSs0To5vFKgjlGwhdE8sJsqILgZnIoKwVvOXuDOz/RhbdBPpVsG7upk7bLJtLv9P5h0h/gUIWA1iktaYBSDL0UofjSrfNhZH6M0P+soIuooanSlVGivTlASw1pd+gjvebbc9ksvGZVqPQT0XegIvZkwfu8moERZUqv/xhNcyWTEGfFKoeHt5ub8Ac0LOe9Ak6N+p8xDjTdkmUgte5J/CNL1JL3JA/iqocAo+VvmIbPatbrOwUNcROOS3WeFg8MfNrbDyYCVNbZWAyM6wwfLB2fIUB2jw== tulg@highcommand" # content of authorized_keys file
+  ];
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = true;
+      PermitRootLogin = "yes";
+    };
+  };
+}

modules/nixos/networking/zapret.nix

@@ -0,0 +1,51 @@
+{
+  services.dnscrypt-proxy = {
+    enable = true;
+
+    settings = {
+      listen_addresses = [
+        "127.0.0.1:53"
+        "[::1]:53"
+      ];
+
+      ignore_system_dns = true;
+
+      bootstrap_resolvers = [
+        "9.9.9.9:53"
+        "149.112.112.112:53"
+        "1.1.1.1:53"
+      ];
+
+      fallback_resolvers = [
+        "9.9.9.9:53"
+        "1.1.1.1:53"
+      ];
+    };
+  };
+
+  systemd.services.zapret = {
+    after = ["network-online.target"];
+    wants = ["network-online.target"];
+  };
+
+  services.zapret = {
+    enable = true;
+
+    params = [
+      "--dpi-desync=fake"
+      "--dpi-desync-ttl=8"
+    ];
+  };
+
+  networking = {
+    networkmanager = {
+      enable = true;
+      dns = "none";
+    };
+
+    nameservers = [
+      "127.0.0.1"
+      "::1"
+    ];
+  };
+}

modules/nixos/services.nix

@@ -0,0 +1,12 @@
+{pkgs, ...}: {
+  services.gvfs.enable = true; # Mount, trash, and other functionalities
+  services.tumbler.enable = true; # Thumbnail support for images
+  programs.thunar.enable = true;
+  programs.xfconf.enable = true;
+  services.displayManager.ly.enable = true;
+
+  programs.thunar.plugins = with pkgs.xfce; [
+    thunar-archive-plugin
+    thunar-volman
+  ];
+}

modules/nixos/users/tulg.nix

@@ -0,0 +1,12 @@
+{
+  users.users.tulg = {
+    isNormalUser = true;
+    description = "Tulga";
+    extraGroups = [
+      "networkmanager"
+      "wheel"
+      "libvirtd"
+      "kvm"
+    ];
+  };
+}

modules/nixos/virtualization/default.nix

@@ -0,0 +1,11 @@
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  ...
+}: {
+  imports = [
+    ./qemu.nix
+  ];
+}

modules/nixos/virtualization/qemu.nix

@@ -0,0 +1,9 @@
+{
+  programs.virt-manager.enable = true;
+  virtualisation.libvirtd = {
+    enable = true;
+    qemu.runAsRoot = false;
+    onBoot = "ignore";
+    onShutdown = "shutdown";
+  };
+}