some cleanup and minimal wayland vm

flake.nix

@@ -114,6 +114,19 @@
         cp flake.lock flake.lock.bak && nix flake update
         update-vscode
       '');
+      upgrade-hyprland = (pkgs: pkgs.writeShellScriptBin "upgrade" ''
+        cp flake.lock flake.lock.bak
+        nix flake lock --update-input hyprland
+      '');
+      refresh-hyprland = (pkgs: pkgs.writeShellScriptBin "refresh-hyprland" ''
+        rm -f ~/.config/hypr/hyprland.conf
+        rebuild test
+        cp ~/.config/hypr/hyprland.conf ~/.config/hypr/1
+        rm -f ~/.config/hypr/hyprland.conf
+        cp ~/.config/hypr/1 ~/.config/hypr/hyprland.conf
+        rm -f ~/.config/hypr/1
+        systemctl stop --user gammastep.service
+      '');
       findModules = dir:
         builtins.concatLists (builtins.attrValues (builtins.mapAttrs
           (name: type:
@@ -158,7 +171,7 @@
       devShell.x86_64-linux = let
         pkgs = self.legacyPackages.x86_64-linux;
       in pkgs.mkShell {
-        nativeBuildInputs = [ (rebuild pkgs) (update-vscode pkgs) (upgrade pkgs) ];
+        nativeBuildInputs = [ (rebuild pkgs) (update-vscode pkgs) (upgrade pkgs) (upgrade-hyprland pkgs) (refresh-hyprland pkgs)];
       };
     };
 }

machines/AMD-Workstation/default.nix

@@ -28,4 +28,5 @@
   deviceSpecific.wireguard.enable = true;
 
   hardware.video.hidpi.enable = lib.mkForce false;
+  hardware.firmware = [ pkgs.rtl8761b-firmware ];
 }

machines/Flakes-ISO/default.nix

@@ -1,34 +1,71 @@
 { modulesPath, lib, inputs, pkgs, ... }: {
   imports = with inputs.self.nixosModules; with inputs.self.nixosProfiles; [
     "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
+    "${modulesPath}/profiles/qemu-guest.nix"
     inputs.self.nixosRoles.base
     inputs.base16.hmModule
 
+    xray
     applications-setup
-    cursor
-    fonts
-    gtk
-    i3status-rust
-    kde
+    sound
+    themes
+
+    firefox
     kitty
-    mako
     mpv
     packages
-    print-scan
     rofi
-    sound
-    sway
-    themes
-    vivaldi
     vscode
+
+    copyq
+    cursor
+    direnv
+    fonts
+    gtk
+    kde
+    mako
+    nix-index
+    print-scan
+    proxy
+    hyprland
+    waybar
+
+
+    # applications-setupsetup
+    # cursor
+    # fonts
+    # gtk
+    # i3status-rust
+    # kde
+    # kitty
+    # mako
+    # mpv
+    # packages
+    # print-scan
+    # rofi
+    # sound
+    # sway
+    # themes
+    # vivaldi
+    # vscode
+    # kitty
+    # mako
+    # mpv
+    # packages
+    # print-scan
+    # rofi
+    # sound
+    # sway
+    # themes
+    # vivaldi
+    # vscode
   ];
   disabledModules = [ "installer/cd-dvd/channel.nix" ];
-  hardware.pulseaudio.enable = lib.mkForce false;
   networking.networkmanager.enable = lib.mkForce true;
   networking.wireless.enable = lib.mkForce false;
   services.getty.autologinUser = lib.mkForce "alukard";
   services.openssh.permitRootLogin = lib.mkForce "no";
-  sound.enable = lib.mkForce false;
+  # sound.enable = lib.mkForce false;
 
   deviceSpecific.devInfo.drive.type = "hdd";
   deviceSpecific.devInfo.gpu.vendor = "other";
@@ -37,4 +74,7 @@
   deviceSpecific.isGaming = false;
   deviceSpecific.enableVirtualisation = false;
   deviceSpecific.wireguard.enable = false;
+  deviceSpecific.isServer = false;
+
+  isoImage.volumeID = lib.mkForce "NIXOS_ISO";
 }

machines/Wayland-VM/default.nix

@@ -0,0 +1,133 @@
+{ modulesPath, inputs, lib, pkgs, ... }: {
+  imports = with inputs.self.nixosModules; with inputs.self.nixosProfiles; [
+    # ./hardware-configuration.nix
+    "${modulesPath}/profiles/qemu-guest.nix"
+    "${modulesPath}/profiles/minimal.nix"
+    ./system-path.nix
+  ];
+  disabledModules = ["config/system-path.nix"];
+
+  options = {
+    device = lib.mkOption { type = lib.types.str; };
+  };
+
+  config = {
+    # system.nssModules = lib.mkForce [ ];
+    services.udisks2.enable = false;
+    # services.nscd.enable = false;
+
+    boot = {
+      loader.systemd-boot.enable = true;
+
+      kernelPackages = pkgs.linuxPackages_zen;
+
+      kernelParams = [
+        "zswap.enabled=0" "quiet" "scsi_mod.use_blk_mq=1" "modeset" "nofb"
+        "rd.systemd.show_status=auto"
+        "rd.udev.log_priority=3"
+        "pti=off"
+        "spectre_v2=off"
+        "kvm.ignore_msrs=1"
+      ];
+    };
+
+    zramSwap = {
+      enable = true;
+      algorithm = "zstd";
+      memoryPercent = 60;
+      numDevices = 1;
+    };
+
+    networking.firewall.enable = false;
+
+    users.mutableUsers = false;
+    users.users.alukard = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" ];
+      uid = 1000;
+      hashedPassword = "$6$kDBGyd99tto$9LjQwixa7NYB9Kaey002MD94zHob1MmNbVz9kx3yX6Q4AmVgsFMGUyNuHozXprxyuXHIbOlTcf8nd4rK8MWfI/";
+    };
+
+    nix = rec {
+      nixPath = lib.mkForce [ "self=/etc/self/compat" "nixpkgs=/etc/nixpkgs" ];
+
+      registry.self.flake = inputs.self;
+      registry.nixpkgs.flake = inputs.nixpkgs;
+
+      optimise.automatic = true;
+
+      extraOptions = ''
+        experimental-features = nix-command flakes
+      '';
+
+      settings = {
+        auto-optimise-store = false;
+      };
+    };
+
+    environment.etc.nixpkgs.source = inputs.nixpkgs;
+    environment.etc.self.source = inputs.self;
+
+    environment.systemPackages = [ pkgs.nano pkgs.kitty pkgs.labwc ];
+    environment.noXlibs = lib.mkForce false;
+
+    security.polkit.enable = true;
+
+    # nixpkgs.overlays = [(self: super: {
+    #   labwc = super.labwc.overrideAttrs (old: {
+    #     buildInputs = [ pkgs.libGL ] ++ old.buildInputs;
+    #     mesonFlags = [ "-Dxwayland=disabled" ];
+    #   });
+    #   libdecor = super.libdecor.overrideAttrs (old: {
+    #     buildInputs = [ pkgs.libGL ] ++ old.buildInputs;
+    #   });
+    # })];
+
+    system.stateVersion = "22.11";
+
+    services.getty.autologinUser = "alukard";
+
+    # environment.loginShellInit = lib.mkAfter ''
+    #   [[ "$(tty)" == /dev/tty1 ]] && {
+    #     exec labwc
+    #   }
+    # '';
+
+    system.userActivationScripts.linktosharedfolder.text = let
+      environment = pkgs.writeText "environment" ''
+        XDG_CURRENT_DESKTOP=wlroots
+        XKB_DEFAULT_LAYOUT=us,ru
+        XKB_DEFAULT_OPTIONS=grp:win_space_toggle
+        _JAVA_AWT_WM_NONREPARENTING=1
+      '';
+      menu-xml = pkgs.writeText "menu.xml" ''
+        <?xml version="1.0">
+        <openbox_menu>
+        <menu id="root-menu" label="">
+          <item label="Terminal"><action name="Execute" command="kitty" /></item>
+          <item label="Reconfigure"><action name="Reconfigure" /></item>
+          <item label="Exit"><action name="Exit" /></item>
+        </menu>
+        </openbox_menu>
+      '';
+    in ''
+      if [[ -h "$HOME/.config/labwc/environment" ]]; then
+        rm -f "$HOME/.config/labwc/environment"
+      fi
+      if [[ -h "$HOME/.config/labwc/menu.xml" ]]; then
+        rm -f "$HOME/.config/labwc/menu.xml"
+      fi
+      ln -s "${environment}" "$HOME/.config/labwc/environment"
+      ln -s "${menu-xml}" "$HOME/.config/labwc/menu.xml"
+    '';
+
+    environment.etc."gbinder.d/waydroid.conf".source = let
+        waydroidGbinderConf = pkgs.writeText "waydroid.conf" ''
+          [General]
+          ApiLevel = 29
+        '';
+      in lib.mkForce waydroidGbinderConf;
+    virtualisation.waydroid.enable = true;
+    # virtualisation.lxd.enable = true;
+  };
+}

machines/Wayland-VM/system

@@ -0,0 +1 @@
+x86_64-linux

machines/Wayland-VM/system-path.nix

@@ -0,0 +1,189 @@
+# This module defines the packages that appear in
+# /run/current-system/sw.
+
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  requiredPackages = map (pkg: setPrio ((pkg.meta.priority or 5) + 3) pkg) [
+    #   pkgs.acl
+    #   pkgs.attr
+      pkgs.bashInteractive # bash with ncurses support
+    #   pkgs.bzip2
+      pkgs.coreutils-full
+    #   pkgs.cpio
+    #   pkgs.curl
+    #   pkgs.diffutils
+    #   pkgs.findutils
+    #   pkgs.gawk
+      pkgs.stdenv.cc.libc
+    #   pkgs.getent
+    #   pkgs.getconf
+    #   pkgs.gnugrep
+    #   pkgs.gnupatch
+    #   pkgs.gnused
+    #   pkgs.gnutar
+    #   pkgs.gzip
+    #   pkgs.xz
+    #   pkgs.less
+    #   pkgs.libcap
+      pkgs.ncurses
+    #   pkgs.netcat
+    #   config.programs.ssh.package
+    #   pkgs.mkpasswd
+    #   pkgs.procps
+      pkgs.su
+    #   pkgs.time
+    #   pkgs.util-linux
+    #   pkgs.which
+    #   pkgs.zstd
+    ];
+
+  defaultPackageNames =
+    [
+      "perl"
+      "rsync"
+      "strace"
+    ];
+  defaultPackages =
+    map
+      (n: let pkg = pkgs.${n}; in setPrio ((pkg.meta.priority or 5) + 3) pkg)
+      defaultPackageNames;
+  defaultPackagesText = "[ ${concatMapStringsSep " " (n: "pkgs.${n}") defaultPackageNames } ]";
+
+in
+
+{
+  options = {
+
+    environment = {
+
+      systemPackages = mkOption {
+        type = types.listOf types.package;
+        default = [];
+        example = literalExpression "[ pkgs.firefox pkgs.thunderbird ]";
+        description = lib.mdDoc ''
+          The set of packages that appear in
+          /run/current-system/sw.  These packages are
+          automatically available to all users, and are
+          automatically updated every time you rebuild the system
+          configuration.  (The latter is the main difference with
+          installing them in the default profile,
+          {file}`/nix/var/nix/profiles/default`.
+        '';
+      };
+
+      defaultPackages = mkOption {
+        type = types.listOf types.package;
+        default = defaultPackages;
+        defaultText = literalDocBook ''
+          these packages, with their <literal>meta.priority</literal> numerically increased
+          (thus lowering their installation priority):
+          <programlisting>${defaultPackagesText}</programlisting>
+        '';
+        example = [];
+        description = lib.mdDoc ''
+          Set of default packages that aren't strictly necessary
+          for a running system, entries can be removed for a more
+          minimal NixOS installation.
+
+          Note: If `pkgs.nano` is removed from this list,
+          make sure another editor is installed and the
+          `EDITOR` environment variable is set to it.
+          Environment variables can be set using
+          {option}`environment.variables`.
+
+          Like with systemPackages, packages are installed to
+          {file}`/run/current-system/sw`. They are
+          automatically available to all users, and are
+          automatically updated every time you rebuild the system
+          configuration.
+        '';
+      };
+
+      pathsToLink = mkOption {
+        type = types.listOf types.str;
+        # Note: We need `/lib' to be among `pathsToLink' for NSS modules
+        # to work.
+        default = [];
+        example = ["/"];
+        description = lib.mdDoc "List of directories to be symlinked in {file}`/run/current-system/sw`.";
+      };
+
+      extraOutputsToInstall = mkOption {
+        type = types.listOf types.str;
+        default = [ ];
+        example = [ "doc" "info" "devdoc" ];
+        description = lib.mdDoc "List of additional package outputs to be symlinked into {file}`/run/current-system/sw`.";
+      };
+
+      extraSetup = mkOption {
+        type = types.lines;
+        default = "";
+        description = lib.mdDoc "Shell fragments to be run after the system environment has been created. This should only be used for things that need to modify the internals of the environment, e.g. generating MIME caches. The environment being built can be accessed at $out.";
+      };
+
+    };
+
+    system = {
+
+      path = mkOption {
+        internal = true;
+        description = ''
+          The packages you want in the boot environment.
+        '';
+      };
+
+    };
+
+  };
+
+  config = {
+
+    environment.systemPackages = requiredPackages ++ config.environment.defaultPackages;
+
+    environment.pathsToLink =
+      [ "/bin"
+        "/etc/xdg"
+        "/etc/gtk-2.0"
+        "/etc/gtk-3.0"
+        "/lib" # FIXME: remove and update debug-info.nix
+        "/sbin"
+        "/share/emacs"
+        "/share/hunspell"
+        "/share/nano"
+        "/share/org"
+        "/share/themes"
+        "/share/vim-plugins"
+        "/share/vulkan"
+        "/share/kservices5"
+        "/share/kservicetypes5"
+        "/share/kxmlgui5"
+        "/share/systemd"
+        "/share/thumbnailers"
+      ];
+
+    system.path = pkgs.buildEnv {
+      name = "system-path";
+      paths = config.environment.systemPackages;
+      inherit (config.environment) pathsToLink extraOutputsToInstall;
+      ignoreCollisions = true;
+      # !!! Hacky, should modularise.
+      # outputs TODO: note that the tools will often not be linked by default
+      postBuild =
+        ''
+          # Remove wrapped binaries, they shouldn't be accessible via PATH.
+          find $out/bin -maxdepth 1 -name ".*-wrapped" -type l -delete
+
+          if [ -x $out/bin/glib-compile-schemas -a -w $out/share/glib-2.0/schemas ]; then
+              $out/bin/glib-compile-schemas $out/share/glib-2.0/schemas
+          fi
+
+          ${config.environment.extraSetup}
+        '';
+    };
+
+  };
+}

profiles/applications/packages.nix

@@ -11,7 +11,7 @@ with config.deviceSpecific; {
     fd
     ffmpeg.bin
     # git-filter-repo
-    glib
+    glib.out
     # gptfdisk
     kitti3
     libqalculate
@@ -54,13 +54,11 @@ with config.deviceSpecific; {
     foliate
     gparted
     jellyfin-media-player
-    parsec
     # persepolis
     pinta
     qbittorrent
     qimgv
     # quodlibet
-    schildichat-desktop-wayland
     system-config-printer
     tdesktop
     xarchiver
@@ -81,6 +79,7 @@ with config.deviceSpecific; {
     libreoffice
     nodePackages.peerflix
     samba
+    schildichat-desktop-wayland
     scrcpy
   ] ++ lib.optionals isGaming [
     # ceserver
@@ -92,6 +91,7 @@ with config.deviceSpecific; {
     polymc
     reshade-shaders
     (retroarch.override { cores = [ libretro.genesis-plus-gx libretro.dosbox ]; })
+    parsec
     protontricks
     vkBasalt
     wine

profiles/mullvad.nix

@@ -6,5 +6,11 @@ in {
     services.mullvad-vpn.enable = true;
     home-manager.users.alukard.home.packages = [ pkgs.mullvad-vpn ];
     startupApplications = [ "${pkgs.mullvad-vpn}/share/mullvad/mullvad-gui" ];
+    security.wrappers.mullvad-exclude = {
+      setuid = true;
+      owner = "root";
+      group = "root";
+      source = "${pkgs.mullvad-vpn}/bin/mullvad-exclude";
+    };
   };
 }

profiles/samba.nix

@@ -24,6 +24,9 @@ with config.deviceSpecific; {
     # syncPasswordsByPam = false;
     configText = ''
       [global]
+      client min protocol = SMB3_11
+      server min protocol = SMB3_11
+      smb encrypt = required
       server string = samba home server
       server role = standalone server
       disable netbios = yes

profiles/workspace/hyprland/default.nix

@@ -266,6 +266,8 @@ in with config.deviceSpecific; with lib; {
           windowrule=float,steam_app.*
 
           windowrule=opaque,virt-manager
+          windowrule=opaque,^(.+WinBox.+)$
+          windowrule=tile,^(.+WinBox.+)$
         '' ''
           exec=${importGsettings}
           # exec-once=swayidle -w timeout 600 'hyprctl dispatch dpms off' resume 'hyprctl dispatch dpms on'

profiles/workspace/misc.nix

@@ -1,11 +1,11 @@
 { pkgs, lib, config, ... }: {
 
-  # environment.sessionVariables = config.home-manager.users.alukard.home.sessionVariables // rec {
   environment.sessionVariables = rec {
     LESS = "MR";
     LESSHISTFILE = "~/.local/share/lesshist";
     SYSTEMD_LESS = LESS;
     CARGO_HOME = "${config.home-manager.users.alukard.xdg.dataHome}/cargo";
+    LIBVIRT_DEFAULT_URI = "qemu:///system";
   };
 
   environment.systemPackages = [ pkgs.pass-secret-service ];

roles/desktop.nix

@@ -39,7 +39,7 @@
     direnv
     fonts
     gtk
-    i3status-rust
+    # i3status-rust
     kde
     light
     mako