diff --git a/hosts/archangel/configuration.nix b/hosts/archangel/configuration.nix
index 603f184..dcb916e 100644
--- a/hosts/archangel/configuration.nix
+++ b/hosts/archangel/configuration.nix
@@ -8,135 +8,26 @@ ... }: { imports = [ - # Include the results of the hardware scan. ./disko.nix ./hardware-configuration.nix + ../../modules/nixos/networking/default.nix + ../../modules/nixos/virtualization/default.nix + ../../modules/nixos/common.nix + ../../modules/nixos/fonts.nix + ../../modules/nixos/services.nix + ../../modules/nixos/users/tulg.nix ]; # Bootloader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - networking = { - hostName = "archangel"; - nameservers = ["127.0.0.1" "::1"]; - }; + networking.hostName = "archangel"; - services.dnscrypt-proxy2 = { - enable = true; - settings = { - listen_addresses = ["127.0.0.1:53" "[::1]:53"]; - }; - }; - - services.zapret = { - enable = true; - params = [ - "--dpi-desync=fake" - "--dpi-desync-ttl=8" - ]; - }; - - networking.networkmanager.enable = true; # Enables wireless support via wpa_supplicant. - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Enable networking - - # Set your time zone. - time.timeZone = "Europe/Istanbul"; - - hardware.bluetooth = { - enable = true; - powerOnBoot = true; - settings = { - General = { - # Shows battery charge of connected devices on supported - # Bluetooth adapters. Defaults to 'false'. - Experimental = true; - # When enabled other devices can connect faster to us, however - # the tradeoff is increased power consumption. Defaults to - # 'false'. - FastConnectable = true; - }; - Policy = { - # Enable all controllers when they are found. This includes - # adapters present on start as well as adapters that are plugged - # in later on. Defaults to 'true'. - AutoEnable = true; - }; - }; - }; - services.blueman.enable = true; - # Select internationalisation properties. - services.getty.autologinUser = "tulg"; programs.hyprland = { enable = true; xwayland.enable = true; }; - # Define a user account. 
Don't forget to set a password with ‘passwd’. - users.users.tulg = { - isNormalUser = true; - description = "Tulga"; - extraGroups = ["networkmanager" "network " "wheel"]; - packages = with pkgs; []; - }; - - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - git - rose-pine-gtk-theme - ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = true; - PermitRootLogin = "yes"; - }; - }; - fonts = { - packages = with pkgs; [ - noto-fonts - noto-fonts-cjk-sans - noto-fonts-color-emoji - nerd-fonts.symbols-only - liberation_ttf - font-awesome - fira - fira-sans - fira-code - fira-code-symbols - ]; - - enableDefaultPackages = true; - fontconfig = { - enable = true; - defaultFonts = { - sansSerif = ["Fira Sans Regular"]; - serif = ["Fira Sans Regular"]; - monospace = ["Fira Mono Regular"]; - }; - }; - }; powerManagement.powertop.enable = true; services.upower.enable = true; 
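Review bot: The shared imports added at the top of this hunk are not behaviour-preserving for archangel. `../../modules/nixos/virtualization/default.nix` enables libvirtd and virt-manager, and `../../modules/nixos/users/tulg.nix` adds the `libvirtd` and `kvm` groups; as far as the removed lines show, archangel had neither. Membership of `libvirtd` gives control of the system libvirt daemon, so this widens what the `tulg` account can do on a host that ran no hypervisor before. If archangel does not need VMs, drop the virtualization import here and declare the groups next to the feature, e.g. `users.users.tulg.extraGroups = ["libvirtd" "kvm"];` in `modules/nixos/virtualization/qemu.nix`, relying on list options merging across modules. `modules/nixos/common.nix` likewise installs virgil's `virtiofsd`, `linux-pam` and `lm_sensors` on both hosts.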
@@ -153,33 +44,6 @@ }; }; }; - services.gvfs.enable = true; # Mount, trash, and other functionalities - services.tumbler.enable = true; # Thumbnail support for images - programs.thunar.enable = true; - programs.xfconf.enable = true; - programs.thunar.plugins = with pkgs.xfce; [ - thunar-archive-plugin - thunar-volman - ]; - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - users.users."root".openssh.authorizedKeys.keys = [ - "ssh-rsa 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 tulg@highcommand" # content of authorized_keys file - ]; - users.users."tulg".openssh.authorizedKeys.keys = [ - "ssh-rsa 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 tulg@highcommand" # content of authorized_keys file - ]; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - nix.settings.experimental-features = ["nix-command" "flakes"]; - services.displayManager.ly.enable = true; system.stateVersion = "25.05"; # Did you read the comment? } diff --git a/hosts/virgil/configuration.nix b/hosts/virgil/configuration.nix index dc885a8..03953f5 100644 --- a/hosts/virgil/configuration.nix +++ b/hosts/virgil/configuration.nix 
@@ -8,175 +8,20 @@ ./disko.nix ./hardware-configuration.nix ./vfio.nix + ../../modules/nixos/networking/default.nix + ../../modules/nixos/virtualization/default.nix + ../../modules/nixos/common.nix + ../../modules/nixos/fonts.nix + ../../modules/nixos/services.nix + ../../modules/nixos/users/tulg.nix ]; - - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - # boot.kernelPackages = pkgs.linuxPackages_6_1; - networking = { - hostName = "virgil"; - nameservers = ["127.0.0.1" "::1"]; - }; - hardware.bluetooth = { - enable = true; - powerOnBoot = true; - settings = { - General = { - # Shows battery charge of connected devices on supported - # Bluetooth adapters. Defaults to 'false'. - Experimental = true; - # When enabled other devices can connect faster to us, however - # the tradeoff is increased power consumption. Defaults to - # 'false'. - FastConnectable = true; - }; - Policy = { - # Enable all controllers when they are found. This includes - # adapters present on start as well as adapters that are plugged - # in later on. Defaults to 'true'. - AutoEnable = true; - }; - }; - }; - services.blueman.enable = true; - - services.dnscrypt-proxy = { - enable = true; - settings = { - listen_addresses = ["127.0.0.1:53" "[::1]:53"]; - - ignore_system_dns = true; - - bootstrap_resolvers = [ - "9.9.9.9:53" - "149.112.112.112:53" - "1.1.1.1:53" - ]; - - fallback_resolvers = [ - "9.9.9.9:53" - "1.1.1.1:53" - ]; - }; - }; - systemd.services.zapret.after = ["network-online.target"]; - systemd.services.zapret.wants = ["network-online.target"]; - services.zapret = { - enable = true; - params = [ - "--dpi-desync=fake" - "--dpi-desync-ttl=8" - ]; - }; - networking.networkmanager = { - enable = true; - dns = "none"; - }; - programs.bash.shellAliases = { - fuck = "you"; - }; - - time.timeZone = "Europe/Istanbul"; programs.hyprland = { enable = true; xwayland.enable = true; }; - # Define a user account. 
Don't forget to set a password with ‘passwd’. - users.users.tulg = { - isNormalUser = true; - description = "Tulga"; - initialPassword = "fuckyou"; - extraGroups = ["networkmanager" "wheel" "libvirtd" "kvm"]; - packages = with pkgs; []; - }; - programs.virt-manager.enable = true; - virtualisation.libvirtd = { - enable = true; - qemu.runAsRoot = false; - onBoot = "ignore"; - onShutdown = "shutdown"; - }; - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - environment.systemPackages = with pkgs; [ - git - rose-pine-gtk-theme - virtiofsd - linux-pam - lm_sensors - #fancontrol - ]; + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + networking.hostName = "virgil"; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = true; - PermitRootLogin = "yes"; - }; - }; - fonts = { - packages = with pkgs; [ - noto-fonts - noto-fonts-cjk-sans - #noto-fonts-emoji - nerd-fonts.symbols-only - liberation_ttf - font-awesome - fira - fira-sans - fira-code - fira-code-symbols - ]; - - enableDefaultPackages = true; - fontconfig = { - enable = true; - defaultFonts = { - sansSerif = ["Fira Sans Regular"]; - serif = ["Fira Sans Regular"]; - monospace = ["Fira Mono Regular"]; - }; - }; - }; - services.gvfs.enable = true; # Mount, trash, and other functionalities - services.tumbler.enable = true; # Thumbnail support for images - programs.thunar.enable = true; - programs.xfconf.enable = true; - programs.thunar.plugins = with pkgs.xfce; [ - thunar-archive-plugin - thunar-volman - ]; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... 
]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - users.users."root".openssh.authorizedKeys.keys = [ - "ssh-rsa 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 tulg@highcommand" # content of authorized_keys file - ]; - users.users."tulg".openssh.authorizedKeys.keys = [ - "ssh-rsa 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 tulg@highcommand" # content of authorized_keys file - ]; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - nix.settings.experimental-features = ["nix-command" "flakes"]; - services.displayManager.ly.enable = true; system.stateVersion = "25.05"; # Did you read the comment? } diff --git a/modules/home-manager/desktop/default.nix b/modules/home-manager/desktop/default.nix index 82dbb27..5c616f2 100644 --- a/modules/home-manager/desktop/default.nix +++ b/modules/home-manager/desktop/default.nix @@ -5,5 +5,6 @@ ./hyprland.nix ./spicetify.nix ./browsers/zen.nix + ./vscode.nix ]; } diff --git a/modules/home-manager/desktop/vscode.nix b/modules/home-manager/desktop/vscode.nix new file mode 100644 index 0000000..fe91f01 --- /dev/null +++ b/modules/home-manager/desktop/vscode.nix @@ -0,0 +1,15 @@ +{ + lib, + pkgs, + ... +}: { + programs.vscode = { + enable = true; + profiles.default.extensions = with pkgs.vscode-extensions; [ + pkgs.vscode-extensions.kamadorueda.alejandra + pkgs.vscode-extensions.jnoortheen.nix-ide + ]; + profiles.tulg.userSettings = { + }; + }; +} diff --git a/modules/home-manager/home.nix b/modules/home-manager/home.nix index 950cb05..3c828ff 100644 --- a/modules/home-manager/home.nix 
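Review bot: Removing the `initialPassword` line from the `users.users.tulg` block in the virgil hunk does not change the password on an already installed system, because NixOS applies `initialPassword` only when the account is first created. The value also stays readable in the repository history, so it should be treated as disclosed. No code change is needed in this hunk, but run `passwd` for `tulg` on virgil if the password was never changed. This matters more than usual because the new `modules/nixos/networking/ssh.nix` keeps `PasswordAuthentication = true`.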
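Review bot: In `modules/home-manager/desktop/vscode.nix` the `with pkgs.vscode-extensions;` scope does nothing, since both list entries are written out in full. Either drop the `with` or shorten the entries to `kamadorueda.alejandra` and `jnoortheen.nix-ide`. The `lib` argument is unused as well. The empty `profiles.tulg.userSettings` sets nothing while the extensions go to `profiles.default`, which looks unintended; confirm which profile is meant.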
+++ b/modules/home-manager/home.nix @@ -7,57 +7,13 @@ imports = [ ./cli/default.nix ./desktop/default.nix + ./pkgs.nix ]; # Home Manager settings nix.nixPath = ["nixpkgs=${inputs.nixpkgs}"]; home.username = "tulg"; home.homeDirectory = "/home/tulg"; home.stateVersion = "25.05"; - home.packages = with pkgs; [ - quickshell - networkmanagerapplet - inputs.noctalia.packages.${pkgs.system}.default - wdisplays - nwg-look - restic - rose-pine-gtk-theme - alejandra - prismlauncher - arc-theme - cliphist - swappy - mpv - pkgs.looking-glass-client - tmux - fastfetch - btop - pavucontrol - wl-clipboard - hyprcursor - parsec-bin - file-roller - hyprpaper - hyprpolkitagent - pkgs.nixd - swww - grim - slurp - inxi - waybar - wofi - mako - feh - kitty - ]; - programs.vscode = { - enable = true; - profiles.default.extensions = with pkgs.vscode-extensions; [ - pkgs.vscode-extensions.kamadorueda.alejandra - pkgs.vscode-extensions.jnoortheen.nix-ide - ]; - profiles.tulg.userSettings = { - }; - }; programs.vesktop.enable = true; } diff --git a/modules/home-manager/pkgs.nix b/modules/home-manager/pkgs.nix new file mode 100644 index 0000000..9f22759 --- /dev/null +++ b/modules/home-manager/pkgs.nix @@ -0,0 +1,42 @@ +{ + pkgs, + inputs, + ... +}: { + home.packages = with pkgs; [ + quickshell + networkmanagerapplet + inputs.noctalia.packages.${pkgs.system}.default + wdisplays + nwg-look + restic + rose-pine-gtk-theme + alejandra + prismlauncher + arc-theme + cliphist + swappy + mpv + pkgs.looking-glass-client + tmux + fastfetch + btop + pavucontrol + wl-clipboard + hyprcursor + parsec-bin + file-roller + hyprpaper + hyprpolkitagent + pkgs.nixd + swww + grim + slurp + inxi + waybar + wofi + mako + feh + kitty + ]; +} diff --git a/modules/nixos/common.nix b/modules/nixos/common.nix new file mode 100644 index 0000000..eff8ed2 --- /dev/null +++ b/modules/nixos/common.nix 
@@ -0,0 +1,12 @@
+{pkgs, ...}: {
+ environment.systemPackages = with pkgs; [
+ git
+ rose-pine-gtk-theme
+ virtiofsd
+ linux-pam
+ lm_sensors
+ ];
+ nixpkgs.config.allowUnfree = true;
+ nix.settings.experimental-features = ["nix-command" "flakes"];
+ time.timeZone = "Europe/Istanbul";
+}
diff --git a/modules/nixos/fonts.nix b/modules/nixos/fonts.nix
new file mode 100644
index 0000000..c8d23b6
--- /dev/null
+++ b/modules/nixos/fonts.nix
@@ -0,0 +1,26 @@
+{pkgs, ...}: {
+ fonts = {
+ packages = with pkgs; [
+ noto-fonts
+ noto-fonts-cjk-sans
+ #noto-fonts-emoji
+ nerd-fonts.symbols-only
+ liberation_ttf
+ font-awesome
+ fira
+ fira-sans
+ fira-code
+ fira-code-symbols
+ ];
+
+ enableDefaultPackages = true;
+ fontconfig = {
+ enable = true;
+ defaultFonts = {
+ sansSerif = ["Fira Sans Regular"];
+ serif = ["Fira Sans Regular"];
+ monospace = ["Fira Mono Regular"];
+ };
+ };
+ };
+}
diff --git a/modules/nixos/networking/bluetooth.nix b/modules/nixos/networking/bluetooth.nix
new file mode 100644
index 0000000..0e7ff7e
--- /dev/null
+++ b/modules/nixos/networking/bluetooth.nix
@@ -0,0 +1,24 @@
+{
+ hardware.bluetooth = {
+ enable = true;
+ powerOnBoot = true;
+ settings = {
+ General = {
+ # Shows battery charge of connected devices on supported
+ # Bluetooth adapters. Defaults to 'false'.
+ Experimental = true;
+ # When enabled other devices can connect faster to us, however
+ # the tradeoff is increased power consumption. Defaults to
+ # 'false'.
+ FastConnectable = true;
+ };
+ Policy = {
+ # Enable all controllers when they are found. This includes
+ # adapters present on start as well as adapters that are plugged
+ # in later on. Defaults to 'true'.
+ AutoEnable = true;
+ };
+ };
+ };
+ services.blueman.enable = true;
+}
diff --git a/modules/nixos/networking/default.nix b/modules/nixos/networking/default.nix
new file mode 100644
index 0000000..28bce0f
--- /dev/null
+++ b/modules/nixos/networking/default.nix
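Review bot: `modules/nixos/fonts.nix` carries over virgil's commented-out `#noto-fonts-emoji`, so archangel loses the `noto-fonts-color-emoji` package that its removed `fonts.packages` list installed. If colour emoji should stay available on both hosts, replace the commented line with `noto-fonts-color-emoji`. Otherwise, say in the commit message that archangel's font set changes.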
@@ -0,0 +1,13 @@
+{
+ config,
+ lib,
+ pkgs,
+ inputs,
+ ...
+}: {
+ imports = [
+ ./bluetooth.nix
+ ./ssh.nix
+ ./zapret.nix
+ ];
+}
diff --git a/modules/nixos/networking/ssh.nix b/modules/nixos/networking/ssh.nix
new file mode 100644
index 0000000..93942c0
--- /dev/null
+++ b/modules/nixos/networking/ssh.nix
@@ -0,0 +1,15 @@
+{
+ users.users."root".openssh.authorizedKeys.keys = [
+ "ssh-rsa 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 tulg@highcommand" # content of authorized_keys file
+ ];
+ users.users."tulg".openssh.authorizedKeys.keys = [
+ "ssh-rsa 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 tulg@highcommand" # content of authorized_keys file
+ ];
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = true;
+ PermitRootLogin = "yes";
+ };
+ };
+}
diff --git a/modules/nixos/networking/zapret.nix b/modules/nixos/networking/zapret.nix
new file mode 100644
index 0000000..c391b14
--- /dev/null
+++ b/modules/nixos/networking/zapret.nix
@@ -0,0 +1,51 @@
+{
+ services.dnscrypt-proxy = {
+ enable = true;
+
+ settings = {
+ listen_addresses = [
+ "127.0.0.1:53"
+ "[::1]:53"
+ ];
+
+ ignore_system_dns = true;
+
+ bootstrap_resolvers = [
+ "9.9.9.9:53"
+ "149.112.112.112:53"
+ "1.1.1.1:53"
+ ];
+
+ fallback_resolvers = [
+ "9.9.9.9:53"
+ "1.1.1.1:53"
+ ];
+ };
+ };
+
+ systemd.services.zapret = {
+ after = ["network-online.target"];
+ wants = ["network-online.target"];
+ };
+
+ services.zapret = {
+ enable = true;
+
+ params = [
+ "--dpi-desync=fake"
+ "--dpi-desync-ttl=8"
+ ];
+ };
+
+ networking = {
+ networkmanager = {
+ enable = true;
+ dns = "none";
+ };
+
+ nameservers = [
+ "127.0.0.1"
+ "::1"
+ ];
+ };
+}
diff --git a/modules/nixos/services.nix b/modules/nixos/services.nix
new file mode 100644
index 0000000..8f94f10
--- /dev/null
+++ b/modules/nixos/services.nix
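Review bot: `modules/nixos/networking/ssh.nix` now applies `PasswordAuthentication = true` together with `PermitRootLogin = "yes"` to every host that imports the networking module, which leaves root exposed to password guessing over SSH. The same file already installs a public key for both `root` and `tulg`, so the passwords add exposure without adding access. I would set `PasswordAuthentication = false;` and `PermitRootLogin = "prohibit-password";`, or `"no"` with `tulg` plus sudo, since that account is in `wheel`. Consider `KbdInteractiveAuthentication = false;` as well, because sshd treats it separately from password authentication.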
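Review bot: `fallback_resolvers` in `modules/nixos/networking/zapret.nix` repeats part of `bootstrap_resolvers` directly above it. As far as I know upstream dnscrypt-proxy renamed the former key to the latter, so the older one should be dropped rather than carried into the shared module. The file also holds the dnscrypt-proxy, NetworkManager and `networking.nameservers` settings under a zapret name. A comment such as `# Resolver chain: NetworkManager leaves resolv.conf alone (dns = "none"); nameservers point at the local dnscrypt-proxy listener.` would explain why they belong together. Archangel previously used `services.dnscrypt-proxy2` without `ignore_system_dns` or `dns = "none"`, so its DNS path changes with this commit.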
@@ -0,0 +1,12 @@
+{pkgs, ...}: {
+ services.gvfs.enable = true; # Mount, trash, and other functionalities
+ services.tumbler.enable = true; # Thumbnail support for images
+ programs.thunar.enable = true;
+ programs.xfconf.enable = true;
+ services.displayManager.ly.enable = true;
+
+ programs.thunar.plugins = with pkgs.xfce; [
+ thunar-archive-plugin
+ thunar-volman
+ ];
+}
diff --git a/modules/nixos/users/tulg.nix b/modules/nixos/users/tulg.nix
new file mode 100644
index 0000000..f069ccc
--- /dev/null
+++ b/modules/nixos/users/tulg.nix
@@ -0,0 +1,12 @@
+{
+ users.users.tulg = {
+ isNormalUser = true;
+ description = "Tulga";
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ "libvirtd"
+ "kvm"
+ ];
+ };
+}
diff --git a/modules/nixos/virtualization/default.nix b/modules/nixos/virtualization/default.nix
new file mode 100644
index 0000000..ecf151b
--- /dev/null
+++ b/modules/nixos/virtualization/default.nix
@@ -0,0 +1,11 @@
+{
+ config,
+ lib,
+ pkgs,
+ inputs,
+ ...
+}: {
+ imports = [
+ ./qemu.nix
+ ];
+}
diff --git a/modules/nixos/virtualization/qemu.nix b/modules/nixos/virtualization/qemu.nix
new file mode 100644
index 0000000..e193655
--- /dev/null
+++ b/modules/nixos/virtualization/qemu.nix
@@ -0,0 +1,9 @@
+{
+ programs.virt-manager.enable = true;
+ virtualisation.libvirtd = {
+ enable = true;
+ qemu.runAsRoot = false;
+ onBoot = "ignore";
+ onShutdown = "shutdown";
+ };
+}
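Review bot: `modules/nixos/users/tulg.nix` declares no password source, and the reminder comment from the old host files was not carried over. On a fresh install `tulg` will presumably be unable to authenticate for sudo or at the display manager until someone runs `passwd`. Either restore the hint as `# No password is declared here; set one with passwd after first boot.` or declare the credential with `hashedPasswordFile` pointing at a file kept outside the repository.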