tulg/nixdots
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

hosts/modularization

Browse source
This commit is contained in:
tulg 2026-01-10 19:31:22 +03:00
parent 71e22f65bb
commit 5e4b53d885
16 changed files with 260 additions and 352 deletions
Download patch file Download diff file Expand all files Collapse all files

150
hosts/archangel/configuration.nix
View file

@ -8,135 +8,26 @@
... ...
}: { }: {
imports = [ imports = [
# Include the results of the hardware scan.
./disko.nix ./disko.nix
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/nixos/networking/default.nix
../../modules/nixos/virtualization/default.nix
../../modules/nixos/common.nix
../../modules/nixos/fonts.nix
../../modules/nixos/services.nix
../../modules/nixos/users/tulg.nix
]; ];
# Bootloader. # Bootloader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
networking = { networking.hostName = "archangel";
hostName = "archangel";
nameservers = ["127.0.0.1" "::1"];
};
services.dnscrypt-proxy2 = {
enable = true;
settings = {
listen_addresses = ["127.0.0.1:53" "[::1]:53"];
};
};
services.zapret = {
enable = true;
params = [
"--dpi-desync=fake"
"--dpi-desync-ttl=8"
];
};
networking.networkmanager.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable networking
# Set your time zone.
time.timeZone = "Europe/Istanbul";
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = {
General = {
# Shows battery charge of connected devices on supported
# Bluetooth adapters. Defaults to 'false'.
Experimental = true;
# When enabled other devices can connect faster to us, however
# the tradeoff is increased power consumption. Defaults to
# 'false'.
FastConnectable = true;
};
Policy = {
# Enable all controllers when they are found. This includes
# adapters present on start as well as adapters that are plugged
# in later on. Defaults to 'true'.
AutoEnable = true;
};
};
};
services.blueman.enable = true;
# Select internationalisation properties.
services.getty.autologinUser = "tulg";
programs.hyprland = { programs.hyprland = {
enable = true; enable = true;
xwayland.enable = true; xwayland.enable = true;
}; };
# Define a user account. Don't forget to set a password with passwd.
users.users.tulg = {
isNormalUser = true;
description = "Tulga";
extraGroups = ["networkmanager" "network " "wheel"];
packages = with pkgs; [];
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
git
rose-pine-gtk-theme
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = true;
PermitRootLogin = "yes";
};
};
fonts = {
packages = with pkgs; [
noto-fonts
noto-fonts-cjk-sans
noto-fonts-color-emoji
nerd-fonts.symbols-only
liberation_ttf
font-awesome
fira
fira-sans
fira-code
fira-code-symbols
];
enableDefaultPackages = true;
fontconfig = {
enable = true;
defaultFonts = {
sansSerif = ["Fira Sans Regular"];
serif = ["Fira Sans Regular"];
monospace = ["Fira Mono Regular"];
};
};
};
powerManagement.powertop.enable = true; powerManagement.powertop.enable = true;
services.upower.enable = true; services.upower.enable = true;
@ -153,33 +44,6 @@
}; };
}; };
}; };
services.gvfs.enable = true; # Mount, trash, and other functionalities
services.tumbler.enable = true; # Thumbnail support for images
programs.thunar.enable = true;
programs.xfconf.enable = true;
programs.thunar.plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-volman
];
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
users.users."root".openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIefprdYz4gFgBqGlrkycWcTYxFttQHRjDQmREtQTiGyqK1gQiB4z4Cbiayt7Emq224sbaobQPlNSyhlBCSo/Wf0bmZMz8NwNdwhFSkDnyD6LPaHg8fv9FXnWW0wBMl4oSD2wfGbMQBrecjgHXfJ64UiHyyhDllDDtWGgoY75wwfWHzX/NiGaEi0LHCQ8dsgp7H+BhssTkJPZbv6BJcA34yfb6dISjvW2S/QGKMwgYr9ArfGLUTWPbj+EbL7Bf9VsTFe9nP+FnYqEu4+oBIbY2heXWA+FCi0zxmMY4oYJxT5cJi1nffVOxboKLm4kIT93gv1WdcDiQDVdy5sJ1q0gJyiRt1HfJW4l8jn36VJ0FvdGmRliOTzSfeER0gbIsOcxeArHRV3ff/CoSocnSs0To5vFKgjlGwhdE8sJsqILgZnIoKwVvOXuDOz/RhbdBPpVsG7upk7bLJtLv9P5h0h/gUIWA1iktaYBSDL0UofjSrfNhZH6M0P+soIuooanSlVGivTlASw1pd+gjvebbc9ksvGZVqPQT0XegIvZkwfu8moERZUqv/xhNcyWTEGfFKoeHt5ub8Ac0LOe9Ak6N+p8xDjTdkmUgte5J/CNL1JL3JA/iqocAo+VvmIbPatbrOwUNcROOS3WeFg8MfNrbDyYCVNbZWAyM6wwfLB2fIUB2jw== tulg@highcommand" # content of authorized_keys file
];
users.users."tulg".openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIefprdYz4gFgBqGlrkycWcTYxFttQHRjDQmREtQTiGyqK1gQiB4z4Cbiayt7Emq224sbaobQPlNSyhlBCSo/Wf0bmZMz8NwNdwhFSkDnyD6LPaHg8fv9FXnWW0wBMl4oSD2wfGbMQBrecjgHXfJ64UiHyyhDllDDtWGgoY75wwfWHzX/NiGaEi0LHCQ8dsgp7H+BhssTkJPZbv6BJcA34yfb6dISjvW2S/QGKMwgYr9ArfGLUTWPbj+EbL7Bf9VsTFe9nP+FnYqEu4+oBIbY2heXWA+FCi0zxmMY4oYJxT5cJi1nffVOxboKLm4kIT93gv1WdcDiQDVdy5sJ1q0gJyiRt1HfJW4l8jn36VJ0FvdGmRliOTzSfeER0gbIsOcxeArHRV3ff/CoSocnSs0To5vFKgjlGwhdE8sJsqILgZnIoKwVvOXuDOz/RhbdBPpVsG7upk7bLJtLv9P5h0h/gUIWA1iktaYBSDL0UofjSrfNhZH6M0P+soIuooanSlVGivTlASw1pd+gjvebbc9ksvGZVqPQT0XegIvZkwfu8moERZUqv/xhNcyWTEGfFKoeHt5ub8Ac0LOe9Ak6N+p8xDjTdkmUgte5J/CNL1JL3JA/iqocAo+VvmIbPatbrOwUNcROOS3WeFg8MfNrbDyYCVNbZWAyM6wwfLB2fIUB2jw== tulg@highcommand" # content of authorized_keys file
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
nix.settings.experimental-features = ["nix-command" "flakes"];
services.displayManager.ly.enable = true;
system.stateVersion = "25.05"; # Did you read the comment? system.stateVersion = "25.05"; # Did you read the comment?
} }

173
hosts/virgil/configuration.nix
View file

@ -8,175 +8,20 @@
./disko.nix ./disko.nix
./hardware-configuration.nix ./hardware-configuration.nix
./vfio.nix ./vfio.nix
../../modules/nixos/networking/default.nix
../../modules/nixos/virtualization/default.nix
../../modules/nixos/common.nix
../../modules/nixos/fonts.nix
../../modules/nixos/services.nix
../../modules/nixos/users/tulg.nix
]; ];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# boot.kernelPackages = pkgs.linuxPackages_6_1;
networking = {
hostName = "virgil";
nameservers = ["127.0.0.1" "::1"];
};
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = {
General = {
# Shows battery charge of connected devices on supported
# Bluetooth adapters. Defaults to 'false'.
Experimental = true;
# When enabled other devices can connect faster to us, however
# the tradeoff is increased power consumption. Defaults to
# 'false'.
FastConnectable = true;
};
Policy = {
# Enable all controllers when they are found. This includes
# adapters present on start as well as adapters that are plugged
# in later on. Defaults to 'true'.
AutoEnable = true;
};
};
};
services.blueman.enable = true;
services.dnscrypt-proxy = {
enable = true;
settings = {
listen_addresses = ["127.0.0.1:53" "[::1]:53"];
ignore_system_dns = true;
bootstrap_resolvers = [
"9.9.9.9:53"
"149.112.112.112:53"
"1.1.1.1:53"
];
fallback_resolvers = [
"9.9.9.9:53"
"1.1.1.1:53"
];
};
};
systemd.services.zapret.after = ["network-online.target"];
systemd.services.zapret.wants = ["network-online.target"];
services.zapret = {
enable = true;
params = [
"--dpi-desync=fake"
"--dpi-desync-ttl=8"
];
};
networking.networkmanager = {
enable = true;
dns = "none";
};
programs.bash.shellAliases = {
fuck = "you";
};
time.timeZone = "Europe/Istanbul";
programs.hyprland = { programs.hyprland = {
enable = true; enable = true;
xwayland.enable = true; xwayland.enable = true;
}; };
# Define a user account. Don't forget to set a password with passwd. boot.loader.systemd-boot.enable = true;
users.users.tulg = { boot.loader.efi.canTouchEfiVariables = true;
isNormalUser = true; networking.hostName = "virgil";
description = "Tulga";
initialPassword = "fuckyou";
extraGroups = ["networkmanager" "wheel" "libvirtd" "kvm"];
packages = with pkgs; [];
};
programs.virt-manager.enable = true;
virtualisation.libvirtd = {
enable = true;
qemu.runAsRoot = false;
onBoot = "ignore";
onShutdown = "shutdown";
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
git
rose-pine-gtk-theme
virtiofsd
linux-pam
lm_sensors
#fancontrol
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = true;
PermitRootLogin = "yes";
};
};
fonts = {
packages = with pkgs; [
noto-fonts
noto-fonts-cjk-sans
#noto-fonts-emoji
nerd-fonts.symbols-only
liberation_ttf
font-awesome
fira
fira-sans
fira-code
fira-code-symbols
];
enableDefaultPackages = true;
fontconfig = {
enable = true;
defaultFonts = {
sansSerif = ["Fira Sans Regular"];
serif = ["Fira Sans Regular"];
monospace = ["Fira Mono Regular"];
};
};
};
services.gvfs.enable = true; # Mount, trash, and other functionalities
services.tumbler.enable = true; # Thumbnail support for images
programs.thunar.enable = true;
programs.xfconf.enable = true;
programs.thunar.plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-volman
];
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
users.users."root".openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIefprdYz4gFgBqGlrkycWcTYxFttQHRjDQmREtQTiGyqK1gQiB4z4Cbiayt7Emq224sbaobQPlNSyhlBCSo/Wf0bmZMz8NwNdwhFSkDnyD6LPaHg8fv9FXnWW0wBMl4oSD2wfGbMQBrecjgHXfJ64UiHyyhDllDDtWGgoY75wwfWHzX/NiGaEi0LHCQ8dsgp7H+BhssTkJPZbv6BJcA34yfb6dISjvW2S/QGKMwgYr9ArfGLUTWPbj+EbL7Bf9VsTFe9nP+FnYqEu4+oBIbY2heXWA+FCi0zxmMY4oYJxT5cJi1nffVOxboKLm4kIT93gv1WdcDiQDVdy5sJ1q0gJyiRt1HfJW4l8jn36VJ0FvdGmRliOTzSfeER0gbIsOcxeArHRV3ff/CoSocnSs0To5vFKgjlGwhdE8sJsqILgZnIoKwVvOXuDOz/RhbdBPpVsG7upk7bLJtLv9P5h0h/gUIWA1iktaYBSDL0UofjSrfNhZH6M0P+soIuooanSlVGivTlASw1pd+gjvebbc9ksvGZVqPQT0XegIvZkwfu8moERZUqv/xhNcyWTEGfFKoeHt5ub8Ac0LOe9Ak6N+p8xDjTdkmUgte5J/CNL1JL3JA/iqocAo+VvmIbPatbrOwUNcROOS3WeFg8MfNrbDyYCVNbZWAyM6wwfLB2fIUB2jw== tulg@highcommand" # content of authorized_keys file
];
users.users."tulg".openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIefprdYz4gFgBqGlrkycWcTYxFttQHRjDQmREtQTiGyqK1gQiB4z4Cbiayt7Emq224sbaobQPlNSyhlBCSo/Wf0bmZMz8NwNdwhFSkDnyD6LPaHg8fv9FXnWW0wBMl4oSD2wfGbMQBrecjgHXfJ64UiHyyhDllDDtWGgoY75wwfWHzX/NiGaEi0LHCQ8dsgp7H+BhssTkJPZbv6BJcA34yfb6dISjvW2S/QGKMwgYr9ArfGLUTWPbj+EbL7Bf9VsTFe9nP+FnYqEu4+oBIbY2heXWA+FCi0zxmMY4oYJxT5cJi1nffVOxboKLm4kIT93gv1WdcDiQDVdy5sJ1q0gJyiRt1HfJW4l8jn36VJ0FvdGmRliOTzSfeER0gbIsOcxeArHRV3ff/CoSocnSs0To5vFKgjlGwhdE8sJsqILgZnIoKwVvOXuDOz/RhbdBPpVsG7upk7bLJtLv9P5h0h/gUIWA1iktaYBSDL0UofjSrfNhZH6M0P+soIuooanSlVGivTlASw1pd+gjvebbc9ksvGZVqPQT0XegIvZkwfu8moERZUqv/xhNcyWTEGfFKoeHt5ub8Ac0LOe9Ak6N+p8xDjTdkmUgte5J/CNL1JL3JA/iqocAo+VvmIbPatbrOwUNcROOS3WeFg8MfNrbDyYCVNbZWAyM6wwfLB2fIUB2jw== tulg@highcommand" # content of authorized_keys file
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
nix.settings.experimental-features = ["nix-command" "flakes"];
services.displayManager.ly.enable = true;
system.stateVersion = "25.05"; # Did you read the comment? system.stateVersion = "25.05"; # Did you read the comment?
} }

1
modules/home-manager/desktop/default.nix
View file

@ -5,5 +5,6 @@
./hyprland.nix ./hyprland.nix
./spicetify.nix ./spicetify.nix
./browsers/zen.nix ./browsers/zen.nix
./vscode.nix
]; ];
} }

15
modules/home-manager/desktop/vscode.nix Normal file
View file

@ -0,0 +1,15 @@
{
lib,
pkgs,
...
}: {
programs.vscode = {
enable = true;
profiles.default.extensions = with pkgs.vscode-extensions; [
pkgs.vscode-extensions.kamadorueda.alejandra
pkgs.vscode-extensions.jnoortheen.nix-ide
];
profiles.tulg.userSettings = {
};
};
}

46
modules/home-manager/home.nix
View file

@ -7,57 +7,13 @@
imports = [ imports = [
./cli/default.nix ./cli/default.nix
./desktop/default.nix ./desktop/default.nix
./pkgs.nix
]; ];
# Home Manager settings # Home Manager settings
nix.nixPath = ["nixpkgs=${inputs.nixpkgs}"]; nix.nixPath = ["nixpkgs=${inputs.nixpkgs}"];
home.username = "tulg"; home.username = "tulg";
home.homeDirectory = "/home/tulg"; home.homeDirectory = "/home/tulg";
home.stateVersion = "25.05"; home.stateVersion = "25.05";
home.packages = with pkgs; [
quickshell
networkmanagerapplet
inputs.noctalia.packages.${pkgs.system}.default
wdisplays
nwg-look
restic
rose-pine-gtk-theme
alejandra
prismlauncher
arc-theme
cliphist
swappy
mpv
pkgs.looking-glass-client
tmux
fastfetch
btop
pavucontrol
wl-clipboard
hyprcursor
parsec-bin
file-roller
hyprpaper
hyprpolkitagent
pkgs.nixd
swww
grim
slurp
inxi
waybar
wofi
mako
feh
kitty
];
programs.vscode = {
enable = true;
profiles.default.extensions = with pkgs.vscode-extensions; [
pkgs.vscode-extensions.kamadorueda.alejandra
pkgs.vscode-extensions.jnoortheen.nix-ide
];
profiles.tulg.userSettings = {
};
};
programs.vesktop.enable = true; programs.vesktop.enable = true;
} }

42
modules/home-manager/pkgs.nix Normal file
View file

@ -0,0 +1,42 @@
{
pkgs,
inputs,
...
}: {
home.packages = with pkgs; [
quickshell
networkmanagerapplet
inputs.noctalia.packages.${pkgs.system}.default
wdisplays
nwg-look
restic
rose-pine-gtk-theme
alejandra
prismlauncher
arc-theme
cliphist
swappy
mpv
pkgs.looking-glass-client
tmux
fastfetch
btop
pavucontrol
wl-clipboard
hyprcursor
parsec-bin
file-roller
hyprpaper
hyprpolkitagent
pkgs.nixd
swww
grim
slurp
inxi
waybar
wofi
mako
feh
kitty
];
}

12
modules/nixos/common.nix Normal file
View file

@ -0,0 +1,12 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
git
rose-pine-gtk-theme
virtiofsd
linux-pam
lm_sensors
];
nixpkgs.config.allowUnfree = true;
nix.settings.experimental-features = ["nix-command" "flakes"];
time.timeZone = "Europe/Istanbul";
}

26
modules/nixos/fonts.nix Normal file
View file

@ -0,0 +1,26 @@
{pkgs, ...}: {
fonts = {
packages = with pkgs; [
noto-fonts
noto-fonts-cjk-sans
#noto-fonts-emoji
nerd-fonts.symbols-only
liberation_ttf
font-awesome
fira
fira-sans
fira-code
fira-code-symbols
];
enableDefaultPackages = true;
fontconfig = {
enable = true;
defaultFonts = {
sansSerif = ["Fira Sans Regular"];
serif = ["Fira Sans Regular"];
monospace = ["Fira Mono Regular"];
};
};
};
}

24
modules/nixos/networking/bluetooth.nix Normal file
View file

@ -0,0 +1,24 @@
{
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = {
General = {
# Shows battery charge of connected devices on supported
# Bluetooth adapters. Defaults to 'false'.
Experimental = true;
# When enabled other devices can connect faster to us, however
# the tradeoff is increased power consumption. Defaults to
# 'false'.
FastConnectable = true;
};
Policy = {
# Enable all controllers when they are found. This includes
# adapters present on start as well as adapters that are plugged
# in later on. Defaults to 'true'.
AutoEnable = true;
};
};
};
services.blueman.enable = true;
}

13
modules/nixos/networking/default.nix Normal file
View file

@ -0,0 +1,13 @@
{
config,
lib,
pkgs,
inputs,
...
}: {
imports = [
./bluetooth.nix
./ssh.nix
./zapret.nix
];
}

15
modules/nixos/networking/ssh.nix Normal file
View file

@ -0,0 +1,15 @@
{
users.users."root".openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIefprdYz4gFgBqGlrkycWcTYxFttQHRjDQmREtQTiGyqK1gQiB4z4Cbiayt7Emq224sbaobQPlNSyhlBCSo/Wf0bmZMz8NwNdwhFSkDnyD6LPaHg8fv9FXnWW0wBMl4oSD2wfGbMQBrecjgHXfJ64UiHyyhDllDDtWGgoY75wwfWHzX/NiGaEi0LHCQ8dsgp7H+BhssTkJPZbv6BJcA34yfb6dISjvW2S/QGKMwgYr9ArfGLUTWPbj+EbL7Bf9VsTFe9nP+FnYqEu4+oBIbY2heXWA+FCi0zxmMY4oYJxT5cJi1nffVOxboKLm4kIT93gv1WdcDiQDVdy5sJ1q0gJyiRt1HfJW4l8jn36VJ0FvdGmRliOTzSfeER0gbIsOcxeArHRV3ff/CoSocnSs0To5vFKgjlGwhdE8sJsqILgZnIoKwVvOXuDOz/RhbdBPpVsG7upk7bLJtLv9P5h0h/gUIWA1iktaYBSDL0UofjSrfNhZH6M0P+soIuooanSlVGivTlASw1pd+gjvebbc9ksvGZVqPQT0XegIvZkwfu8moERZUqv/xhNcyWTEGfFKoeHt5ub8Ac0LOe9Ak6N+p8xDjTdkmUgte5J/CNL1JL3JA/iqocAo+VvmIbPatbrOwUNcROOS3WeFg8MfNrbDyYCVNbZWAyM6wwfLB2fIUB2jw== tulg@highcommand" # content of authorized_keys file
];
users.users."tulg".openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIefprdYz4gFgBqGlrkycWcTYxFttQHRjDQmREtQTiGyqK1gQiB4z4Cbiayt7Emq224sbaobQPlNSyhlBCSo/Wf0bmZMz8NwNdwhFSkDnyD6LPaHg8fv9FXnWW0wBMl4oSD2wfGbMQBrecjgHXfJ64UiHyyhDllDDtWGgoY75wwfWHzX/NiGaEi0LHCQ8dsgp7H+BhssTkJPZbv6BJcA34yfb6dISjvW2S/QGKMwgYr9ArfGLUTWPbj+EbL7Bf9VsTFe9nP+FnYqEu4+oBIbY2heXWA+FCi0zxmMY4oYJxT5cJi1nffVOxboKLm4kIT93gv1WdcDiQDVdy5sJ1q0gJyiRt1HfJW4l8jn36VJ0FvdGmRliOTzSfeER0gbIsOcxeArHRV3ff/CoSocnSs0To5vFKgjlGwhdE8sJsqILgZnIoKwVvOXuDOz/RhbdBPpVsG7upk7bLJtLv9P5h0h/gUIWA1iktaYBSDL0UofjSrfNhZH6M0P+soIuooanSlVGivTlASw1pd+gjvebbc9ksvGZVqPQT0XegIvZkwfu8moERZUqv/xhNcyWTEGfFKoeHt5ub8Ac0LOe9Ak6N+p8xDjTdkmUgte5J/CNL1JL3JA/iqocAo+VvmIbPatbrOwUNcROOS3WeFg8MfNrbDyYCVNbZWAyM6wwfLB2fIUB2jw== tulg@highcommand" # content of authorized_keys file
];
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = true;
PermitRootLogin = "yes";
};
};
}

51
modules/nixos/networking/zapret.nix Normal file
View file

@ -0,0 +1,51 @@
{
services.dnscrypt-proxy = {
enable = true;
settings = {
listen_addresses = [
"127.0.0.1:53"
"[::1]:53"
];
ignore_system_dns = true;
bootstrap_resolvers = [
"9.9.9.9:53"
"149.112.112.112:53"
"1.1.1.1:53"
];
fallback_resolvers = [
"9.9.9.9:53"
"1.1.1.1:53"
];
};
};
systemd.services.zapret = {
after = ["network-online.target"];
wants = ["network-online.target"];
};
services.zapret = {
enable = true;
params = [
"--dpi-desync=fake"
"--dpi-desync-ttl=8"
];
};
networking = {
networkmanager = {
enable = true;
dns = "none";
};
nameservers = [
"127.0.0.1"
"::1"
];
};
}

12
modules/nixos/services.nix Normal file
View file

@ -0,0 +1,12 @@
{pkgs, ...}: {
services.gvfs.enable = true; # Mount, trash, and other functionalities
services.tumbler.enable = true; # Thumbnail support for images
programs.thunar.enable = true;
programs.xfconf.enable = true;
services.displayManager.ly.enable = true;
programs.thunar.plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-volman
];
}

12
modules/nixos/users/tulg.nix Normal file
View file

@ -0,0 +1,12 @@
{
users.users.tulg = {
isNormalUser = true;
description = "Tulga";
extraGroups = [
"networkmanager"
"wheel"
"libvirtd"
"kvm"
];
};
}

11
modules/nixos/virtualization/default.nix Normal file
View file

@ -0,0 +1,11 @@
{
config,
lib,
pkgs,
inputs,
...
}: {
imports = [
./qemu.nix
];
}

9
modules/nixos/virtualization/qemu.nix Normal file
View file

@ -0,0 +1,9 @@
{
programs.virt-manager.enable = true;
virtualisation.libvirtd = {
enable = true;
qemu.runAsRoot = false;
onBoot = "ignore";
onShutdown = "shutdown";
};
}