AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

cleanup

Browse Source
This commit is contained in:
Dmitriy Kholkin 2022-12-14 23:49:46 +03:00
parent 167d11428c
commit 803defc98a
31 changed files with 65 additions and 1297 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
flake.lock generated
View File

@ -311,22 +311,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1648199409,
"narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "64a525ee38886ab9028e6f61790de0832aa3ef03",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-registry": { "flake-registry": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -622,6 +606,21 @@
"type": "github" "type": "github"
} }
}, },
"impermanence": {
"locked": {
"lastModified": 1668668915,
"narHash": "sha256-QjY4ZZbs9shwO4LaLpvlU2bO9J1juYhO9NtV3nrbnYQ=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "5df9108b346f8a42021bf99e50de89c9caa251c3",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"lib-aggregate": { "lib-aggregate": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_7", "flake-utils": "flake-utils_7",
@ -641,22 +640,6 @@
"type": "github" "type": "github"
} }
}, },
"libnbtplusplus": {
"flake": false,
"locked": {
"lastModified": 1591558203,
"narHash": "sha256-QgvNvaoFflCXEPCCFBCeZvYTpuiwScBG7EosUgFwFNQ=",
"owner": "multimc",
"repo": "libnbtplusplus",
"rev": "dc72a20b7efd304d12af2025223fad07b4b78464",
"type": "github"
},
"original": {
"owner": "multimc",
"repo": "libnbtplusplus",
"type": "github"
}
},
"lowdown-src": { "lowdown-src": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -1096,29 +1079,6 @@
"type": "github" "type": "github"
} }
}, },
"polymc": {
"inputs": {
"flake-compat": "flake-compat_5",
"libnbtplusplus": "libnbtplusplus",
"nixpkgs": [
"nixpkgs"
],
"quazip": "quazip"
},
"locked": {
"lastModified": 1666556983,
"narHash": "sha256-jJtMO2qHxgARl/ENbwsgRpM0d7fOlQL/cQfWJaakm7c=",
"owner": "AquaVirus",
"repo": "PolyMC-Cracked",
"rev": "0f26c7e59ef6705c6b90adb20a5f9e33d297eb1d",
"type": "github"
},
"original": {
"owner": "AquaVirus",
"repo": "PolyMC-Cracked",
"type": "github"
}
},
"pre-commit-hooks": { "pre-commit-hooks": {
"inputs": { "inputs": {
"flake-utils": [ "flake-utils": [
@ -1162,22 +1122,6 @@
"type": "github" "type": "github"
} }
}, },
"quazip": {
"flake": false,
"locked": {
"lastModified": 1643049383,
"narHash": "sha256-LcJY6yd6GyeL7X5MP4L94diceM1TYespWByliBsjK98=",
"owner": "stachenov",
"repo": "quazip",
"rev": "09ec1d10c6d627f895109b21728dda000cbfa7d1",
"type": "github"
},
"original": {
"owner": "stachenov",
"repo": "quazip",
"type": "github"
}
},
"rnix-lsp": { "rnix-lsp": {
"inputs": { "inputs": {
"naersk": "naersk_2", "naersk": "naersk_2",
@ -1212,6 +1156,7 @@
"flake-utils-plus": "flake-utils-plus_2", "flake-utils-plus": "flake-utils-plus_2",
"home-manager": "home-manager", "home-manager": "home-manager",
"hyprland": "hyprland", "hyprland": "hyprland",
"impermanence": "impermanence",
"nix": "nix", "nix": "nix",
"nix-alien": "nix-alien", "nix-alien": "nix-alien",
"nix-direnv": "nix-direnv", "nix-direnv": "nix-direnv",
@ -1222,7 +1167,6 @@
"nixpkgs-stable": "nixpkgs-stable", "nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-wayland": "nixpkgs-wayland", "nixpkgs-wayland": "nixpkgs-wayland",
"nur": "nur", "nur": "nur",
"polymc": "polymc",
"qbittorrent-ee": "qbittorrent-ee", "qbittorrent-ee": "qbittorrent-ee",
"rnix-lsp": "rnix-lsp", "rnix-lsp": "rnix-lsp",
"rycee": "rycee", "rycee": "rycee",

4
flake.nix
View File

@ -56,10 +56,6 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nur.url = github:nix-community/NUR; nur.url = github:nix-community/NUR;
polymc = {
url = "github:AquaVirus/PolyMC-Cracked";
inputs.nixpkgs.follows = "nixpkgs";
};
qbittorrent-ee = { qbittorrent-ee = {
url = "github:c0re100/qBittorrent-Enhanced-Edition"; url = "github:c0re100/qBittorrent-Enhanced-Edition";
flake = false; flake = false;

278
install/install-zfs-swap-luks.sh
View File

@ -1,278 +0,0 @@
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p gptfdisk parted git
set -e
CONFIG_FOLDER="$(dirname "$(pwd)")"
LUKS_DEVICE_NAME=cryptroot
BOOT_DEVICE_NAME=cryptboot
DEVICE_NAME=Hypervisor-VM
# IS_VM=true
MAX_JOBS=2
USE_SWAP=true
BOOT_POOL_SIZE=4GiB
SWAP_SIZE=1GiB
BOOT_RESERVATION=128M
ROOT_RESERVATION=1G
USE_ECNRYPTION=true
if [[ "$IS_VM" = true ]]; then
DISK_DEV_NODES="/dev/disk/by-path"
else
DISK_DEV_NODES="/dev/disk/by-id"
fi
clean_stdin() {
while read -r -t 0; do read -r; done
}
pprint () {
local cyan="\e[96m"
local default="\e[39m"
local timestamp
timestamp=$(date +%FT%T.%3NZ)
echo -e "${cyan}${timestamp} $1${default}" 1>&2
}
# Create new partitions
create_new_part_table() {
select ENTRY in $(ls $DISK_DEV_NODES);
do
DISK="$DISK_DEV_NODES/$ENTRY"
echo "Installing system on $ENTRY"
break
done
read -s -p "> Do you want to wipe all data on $ENTRY ?" -n 1 -r
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]
then
sgdisk --zap-all "$DISK"
fi
pprint "Creating boot (EFI) partition"
sgdisk -n1:1MiB:+512MiB -t1:EF00 "$DISK"
EFI="$DISK-part1"
pprint "Creating boot (ZFS) partition"
if [[ "$USE_ECNRYPTION" = true ]]
then
sgdisk -n2:0:+$BOOT_POOL_SIZE -t2:8309 "$DISK"
else
sgdisk -n2:0:+$BOOT_POOL_SIZE -t2:BF00 "$DISK"
fi
BOOT="$DISK-part2"
if [[ "$USE_SWAP" = true ]]
then
pprint "Creating SWAP partition"
sgdisk -n4:0:+$SWAP_SIZE -t4:8200 "$DISK"
fi
if [[ "$USE_ECNRYPTION" = true ]]
then
pprint "Creating LUKS partition"
sgdisk -n3:0:0 -t3:8309 "$DISK"
else
pprint "Creating ROOT partition"
sgdisk -n3:0:0 -t3:BF00 "$DISK"
fi
ROOT="$DISK-part3"
partprobe "$DISK"
sleep 1
pprint "Format EFI partition $EFI"
mkfs.vfat -n EFI "$EFI"
}
### INSTALLATION BEGIN ###
create_new_part_table
if [[ "$USE_ECNRYPTION" = true ]]
then
dd if=/dev/urandom of=./keyfile0.bin bs=1024 count=4
pprint "Creating LUKS container on $BOOT"
clean_stdin
cryptsetup --type luks1 -c aes-xts-plain64 -s 512 -h sha512 --iter-time 5000 --use-random luksFormat "$BOOT"
clean_stdin
pprint "Add keyfile to LUKS container on $BOOT"
cryptsetup luksAddKey $BOOT keyfile0.bin
pprint "Open LUKS container on $BOOT"
cryptsetup luksOpen --allow-discards "$BOOT" "$BOOT_DEVICE_NAME" -d keyfile0.bin
pprint "Creating LUKS container on $ROOT"
clean_stdin
cryptsetup --type luks1 -c aes-xts-plain64 -s 512 -h sha512 --iter-time 5000 --use-random luksFormat "$ROOT"
clean_stdin
pprint "Add keyfile to LUKS container on $ROOT"
cryptsetup luksAddKey $ROOT keyfile0.bin
pprint "Open LUKS container on $ROOT"
cryptsetup luksOpen --allow-discards "$ROOT" "$LUKS_DEVICE_NAME" -d keyfile0.bin
BOOT_POOL="$(ls /dev/disk/by-id/dm-uuid-*$BOOT_DEVICE_NAME)"
# BOOT_POOL="$BOOT"
ROOT_POOL="$(ls /dev/disk/by-id/dm-uuid-*$LUKS_DEVICE_NAME)"
else
BOOT_POOL="$BOOT"
ROOT_POOL="$ROOT"
fi
pprint "Create ZFS root pool on $ROOT_POOL"
zpool create \
-f \
-o ashift=12 \
-o autotrim=on \
-O acltype=posixacl \
-O atime=on \
-O canmount=off \
-O compression=zstd \
-O dnodesize=auto \
-O normalization=formD \
-O relatime=on \
-O xattr=sa \
-O dedup=off \
-O mountpoint=/ \
-R /mnt \
rpool "$ROOT_POOL"
pprint "Create ZFS root datasets"
zfs create -o refreservation=$ROOT_RESERVATION -o canmount=off -o mountpoint=none rpool/reserved
# top level datasets
zfs create -o canmount=off -o mountpoint=none rpool/nixos
zfs create -o canmount=off -o mountpoint=none rpool/user
zfs create -o canmount=off -o mountpoint=none rpool/persistent
# empty root
zfs create -o canmount=noauto -o mountpoint=/ rpool/nixos/root
zfs mount rpool/nixos/root
zfs create -o canmount=on -o mountpoint=/home rpool/user/home
# persistent across boots
zfs create -o canmount=on -o mountpoint=/persistent rpool/persistent/impermanence
zfs create -o canmount=on -o mountpoint=/etc/secrets rpool/persistent/secrets
zfs create -o canmount=on -o mountpoint=/nix rpool/persistent/nix
# zfs create -o canmount=on -o mountpoint=/boot rpool/persistent/boot
zfs create -o canmount=on -o mountpoint=/var/log rpool/persistent/log
zfs create -o canmount=noauto -o atime=off rpool/persistent/lxd
zfs create -o canmount=on -o mountpoint=/var/lib/docker -o atime=off rpool/persistent/docker
zfs create -o canmount=on -o mountpoint=/media/bittorrent -o atime=off -o recordsize=256K rpool/persistent/bittorrent
zfs create -o canmount=on -o mountpoint=/media/libvirt -o atime=off -o recordsize=64K rpool/persistent/libvirt
# Create empty zfs snapshots
zfs snapshot rpool/nixos@empty
zfs snapshot rpool/nixos/root@empty
zfs snapshot rpool/user@empty
zfs snapshot rpool/user/home@empty
pprint "Create ZFS boot pool on $BOOT_POOL"
zpool create \
-f \
-o compatibility=grub2 \
-o ashift=12 \
-o autotrim=on \
-O acltype=posixacl \
-O atime=on \
-O canmount=off \
-O compression=lz4 \
-O devices=off \
-O normalization=formD \
-O relatime=on \
-O xattr=sa \
-O dedup=off \
-O mountpoint=/boot \
-R /mnt \
bpool "$BOOT_POOL"
pprint "Create ZFS boot datasets"
zfs create -o refreservation=$BOOT_RESERVATION -o canmount=off -o mountpoint=none bpool/reserved
zfs create -o canmount=off -o mountpoint=none bpool/nixos
zfs create -o canmount=on -o mountpoint=/boot bpool/nixos/boot
zfs snapshot bpool/nixos@empty
zfs snapshot bpool/nixos/boot@empty
# Disable cache, stale cache will prevent system from booting
mkdir -p /mnt/etc/zfs/
rm -f /mnt/etc/zfs/zpool.cache
touch /mnt/etc/zfs/zpool.cache
chmod a-w /mnt/etc/zfs/zpool.cache
chattr +i /mnt/etc/zfs/zpool.cache
mkdir -p /mnt/boot/efi
mount -t vfat "$EFI" /mnt/boot/efi
if [[ "$USE_SWAP" = true ]]; then
SWAP="$DISK-part4"
mkswap -L swap -f "$SWAP"
fi
pprint "Generate NixOS configuration"
[[ -f $CONFIG_FOLDER/machines/$DEVICE_NAME/configuration.nix ]] && CONFIG_EXISTS=true
nixos-generate-config --root /mnt --dir $CONFIG_FOLDER/machines/$DEVICE_NAME
[[ -z "$CONFIG_EXISTS" ]] && rm -f $CONFIG_FOLDER/machines/$DEVICE_NAME/configuration.nix
HOSTID=$(head -c8 /etc/machine-id)
BOOT_PARTUUID=$(blkid --match-tag PARTUUID --output value "$BOOT")
ROOT_PARTUUID=$(blkid --match-tag PARTUUID --output value "$ROOT")
[[ ! -z "$SWAP" ]] && SWAP_PARTUUID=$(blkid --match-tag PARTUUID --output value "$SWAP")
HARDWARE_CONFIG=$(mktemp)
if [[ "$USE_ECNRYPTION" = true ]]
then
cat <<CONFIG > "$HARDWARE_CONFIG"
networking.hostId = "$HOSTID";
boot.zfs.devNodes = "$DISK_DEV_NODES";
boot.supportedFilesystems = [ "zfs" ];
boot.initrd.luks.devices."$BOOT_DEVICE_NAME".device = "/dev/disk/by-partuuid/$BOOT_PARTUUID";
boot.initrd.luks.devices."$LUKS_DEVICE_NAME".device = "/dev/disk/by-partuuid/$ROOT_PARTUUID";
CONFIG
else
cat <<CONFIG > "$HARDWARE_CONFIG"
networking.hostId = "$HOSTID";
boot.zfs.devNodes = "$DISK_DEV_NODES";
boot.supportedFilesystems = [ "zfs" ];
CONFIG
fi
pprint "Append ZFS configuration to hardware-configuration.nix"
sed -i "\$e cat $HARDWARE_CONFIG" $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
sed -i 's|fsType = "zfs";|fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];|g' $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
if [[ ! -z "$SWAP" ]]; then
sed -i "s|swapDevices = \[ \];|swapDevices = \[\n {\n device = \"/dev/disk/by-partuuid/$SWAP_PARTUUID\";\n randomEncryption.enable = true;\n randomEncryption.allowDiscards = true;\n }\n \];|" $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
fi
chown 1000:100 $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
git add -A
pprint "Copy config to destination system"
mkdir -p /mnt/home/alukard/nixos-config
cp -aT $CONFIG_FOLDER /mnt/home/alukard/nixos-config
pprint "Gen ssh host key for initrd"
ssh-keygen -t ed25519 -N "" -f /mnt/etc/secrets/ssh_host_key
chown root:root /mnt/etc/secrets/ssh_host_key
chmod 600 /mnt/etc/secrets/ssh_host_key
if [[ "$USE_ECNRYPTION" = true ]]
then
cp keyfile0.bin /mnt/etc/secrets/keyfile0.bin
chmod 000 /mnt/etc/secrets/keyfile*.bin
fi
clean_stdin
read -s -p "> Do you want to execute nixos-install command?" -n 1 -r
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]
then
nixos-install --flake "../#$DEVICE_NAME" --root /mnt --max-jobs $MAX_JOBS --no-root-passwd
fi
umount -Rl /mnt && \
zpool export -a && \
cryptsetup luksClose $BOOT_DEVICE_NAME && \
cryptsetup luksClose $LUKS_DEVICE_NAME

278
install/install-zfs-swap.sh
View File

@ -1,278 +0,0 @@
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p gptfdisk parted git
set -e
CONFIG_FOLDER="$(dirname "$(pwd)")"
LUKS_DEVICE_NAME=cryptroot
BOOT_DEVICE_NAME=cryptboot
DEVICE_NAME=Hypervisor-VM
IS_VM=true
MAX_JOBS=4
USE_SWAP=true
BOOT_POOL_SIZE=4GiB
SWAP_SIZE=1GiB
BOOT_RESERVATION=128M
ROOT_RESERVATION=1G
# USE_ECNRYPTION=true
if [[ "$IS_VM" = true ]]; then
DISK_DEV_NODES="/dev/disk/by-path"
else
DISK_DEV_NODES="/dev/disk/by-id"
fi
clean_stdin() {
while read -r -t 0; do read -r; done
}
pprint () {
local cyan="\e[96m"
local default="\e[39m"
local timestamp
timestamp=$(date +%FT%T.%3NZ)
echo -e "${cyan}${timestamp} $1${default}" 1>&2
}
# Create new partitions
create_new_part_table() {
select ENTRY in $(ls $DISK_DEV_NODES);
do
DISK="$DISK_DEV_NODES/$ENTRY"
echo "Installing system on $ENTRY"
break
done
read -s -p "> Do you want to wipe all data on $ENTRY ?" -n 1 -r
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]
then
sgdisk --zap-all "$DISK"
fi
pprint "Creating boot (EFI) partition"
sgdisk -n1:1MiB:+512MiB -t1:EF00 "$DISK"
EFI="$DISK-part1"
pprint "Creating boot (ZFS) partition"
if [[ "$USE_ECNRYPTION" = true ]]
then
sgdisk -n2:0:+$BOOT_POOL_SIZE -t2:8309 "$DISK"
else
sgdisk -n2:0:+$BOOT_POOL_SIZE -t2:EF00 "$DISK"
fi
BOOT="$DISK-part2"
if [[ "$USE_SWAP" = true ]]
then
pprint "Creating SWAP partition"
sgdisk -n4:0:+$SWAP_SIZE -t4:8200 "$DISK"
fi
if [[ "$USE_ECNRYPTION" = true ]]
then
pprint "Creating LUKS partition"
sgdisk -n3:0:0 -t3:8309 "$DISK"
else
pprint "Creating ROOT partition"
sgdisk -n3:0:0 -t3:BF00 "$DISK"
fi
ROOT="$DISK-part3"
partprobe "$DISK"
sleep 1
pprint "Format EFI partition $EFI"
mkfs.vfat -n EFI "$EFI"
}
### INSTALLATION BEGIN ###
create_new_part_table
if [[ "$USE_ECNRYPTION" = true ]]
then
dd if=/dev/urandom of=./keyfile0.bin bs=1024 count=4
pprint "Creating LUKS container on $BOOT"
clean_stdin
cryptsetup --type luks1 -c aes-xts-plain64 -s 512 -h sha512 --iter-time 5000 --use-random luksFormat "$BOOT"
clean_stdin
pprint "Add keyfile to LUKS container on $BOOT"
cryptsetup luksAddKey $BOOT keyfile0.bin
pprint "Open LUKS container on $BOOT"
cryptsetup luksOpen --allow-discards "$BOOT" "$BOOT_DEVICE_NAME" -d keyfile0.bin
pprint "Creating LUKS container on $ROOT"
clean_stdin
cryptsetup --type luks1 -c aes-xts-plain64 -s 512 -h sha512 --iter-time 5000 --use-random luksFormat "$ROOT"
clean_stdin
pprint "Add keyfile to LUKS container on $ROOT"
cryptsetup luksAddKey $ROOT keyfile0.bin
pprint "Open LUKS container on $ROOT"
cryptsetup luksOpen --allow-discards "$ROOT" "$LUKS_DEVICE_NAME" -d keyfile0.bin
BOOT_POOL="$(ls /dev/disk/by-id/dm-uuid-*$BOOT_DEVICE_NAME)"
ROOT_POOL="$(ls /dev/disk/by-id/dm-uuid-*$LUKS_DEVICE_NAME)"
else
BOOT_POOL="$BOOT"
ROOT_POOL="$ROOT"
fi
pprint "Create ZFS root pool on $ROOT_POOL"
zpool create \
-f \
-o ashift=12 \
-o autotrim=on \
-O acltype=posixacl \
-O atime=on \
-O canmount=off \
-O compression=zstd \
-O dnodesize=auto \
-O normalization=formD \
-O relatime=on \
-O xattr=sa \
-O dedup=off \
-O mountpoint=/ \
-R /mnt \
rpool "$ROOT_POOL"
pprint "Create ZFS root datasets"
zfs create -o refreservation=$ROOT_RESERVATION -o canmount=off -o mountpoint=none rpool/reserved
# top level datasets
zfs create -o canmount=off -o mountpoint=none rpool/nixos
zfs create -o canmount=off -o mountpoint=none rpool/user
zfs create -o canmount=off -o mountpoint=none rpool/persistent
# empty root
zfs create -o canmount=noauto -o mountpoint=/ rpool/nixos/root
zfs mount rpool/nixos/root
zfs create -o canmount=on -o mountpoint=/home rpool/user/home
# persistent across boots
zfs create -o canmount=on -o mountpoint=/persistent rpool/persistent/impermanence
zfs create -o canmount=on -o mountpoint=/etc/secrets rpool/persistent/secrets
zfs create -o canmount=on -o mountpoint=/nix rpool/persistent/nix
# zfs create -o canmount=on -o mountpoint=/boot rpool/persistent/boot
zfs create -o canmount=on -o mountpoint=/var/log rpool/persistent/log
zfs create -o canmount=noauto -o atime=off rpool/persistent/lxd
zfs create -o canmount=on -o mountpoint=/var/lib/docker -o atime=off rpool/persistent/docker
zfs create -o canmount=on -o mountpoint=/media/bittorrent -o atime=off -o recordsize=256K rpool/persistent/bittorrent
zfs create -o canmount=on -o mountpoint=/media/libvirt -o atime=off -o recordsize=64K rpool/persistent/libvirt
# Create empty zfs snapshots
zfs snapshot rpool/nixos@empty
zfs snapshot rpool/nixos/root@empty
zfs snapshot rpool/user@empty
zfs snapshot rpool/user/home@empty
pprint "Create ZFS boot pool on $BOOT_POOL"
zpool create \
-f \
-o compatibility=grub2 \
-o ashift=12 \
-o autotrim=on \
-O acltype=posixacl \
-O atime=on \
-O canmount=off \
-O compression=lz4 \
-O devices=off \
-O normalization=formD \
-O relatime=on \
-O xattr=sa \
-O dedup=off \
-O mountpoint=/boot \
-R /mnt \
bpool "$BOOT_POOL"
pprint "Create ZFS boot datasets"
zfs create -o refreservation=$BOOT_RESERVATION -o canmount=off -o mountpoint=none bpool/reserved
zfs create -o canmount=off -o mountpoint=none bpool/nixos
zfs create -o canmount=on -o mountpoint=/boot bpool/nixos/boot
zfs snapshot bpool/nixos@empty
zfs snapshot bpool/nixos/boot@empty
# Disable cache, stale cache will prevent system from booting
mkdir -p /mnt/etc/zfs/
rm -f /mnt/etc/zfs/zpool.cache
touch /mnt/etc/zfs/zpool.cache
chmod a-w /mnt/etc/zfs/zpool.cache
chattr +i /mnt/etc/zfs/zpool.cache
mkdir -p /mnt/boot/efi
mount -t vfat "$EFI" /mnt/boot/efi
if [[ "$USE_SWAP" = true ]]; then
SWAP="$DISK-part4"
mkswap -L swap -f "$SWAP"
fi
pprint "Generate NixOS configuration"
# nixos-generate-config --root /mnt
[[ -f $CONFIG_FOLDER/machines/$DEVICE_NAME/configuration.nix ]] && CONFIG_EXISTS=true
nixos-generate-config --root /mnt --dir $CONFIG_FOLDER/machines/$DEVICE_NAME
[[ -z "$CONFIG_EXISTS" ]] && rm -f $CONFIG_FOLDER/machines/$DEVICE_NAME/configuration.nix
HOSTID=$(head -c8 /etc/machine-id)
BOOT_PARTUUID=$(blkid --match-tag PARTUUID --output value "$BOOT")
ROOT_PARTUUID=$(blkid --match-tag PARTUUID --output value "$ROOT")
[[ ! -z "$SWAP" ]] && SWAP_PARTUUID=$(blkid --match-tag PARTUUID --output value "$SWAP")
HARDWARE_CONFIG=$(mktemp)
if [[ "$USE_ECNRYPTION" = true ]]
then
cat <<CONFIG > "$HARDWARE_CONFIG"
networking.hostId = "$HOSTID";
boot.zfs.devNodes = "$DISK_DEV_NODES";
boot.supportedFilesystems = [ "zfs" ];
boot.initrd.luks.devices."$BOOT_DEVICE_NAME".device = "/dev/disk/by-partuuid/$BOOT_PARTUUID";
boot.initrd.luks.devices."$LUKS_DEVICE_NAME".device = "/dev/disk/by-partuuid/$ROOT_PARTUUID";
CONFIG
else
cat <<CONFIG > "$HARDWARE_CONFIG"
networking.hostId = "$HOSTID";
boot.zfs.devNodes = "$DISK_DEV_NODES";
boot.supportedFilesystems = [ "zfs" ];
CONFIG
fi
pprint "Append ZFS configuration to hardware-configuration.nix"
sed -i "\$e cat $HARDWARE_CONFIG" $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
sed -i 's|fsType = "zfs";|fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];|g' $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
if [[ ! -z "$SWAP" ]]; then
sed -i "s|swapDevices = \[ \];|swapDevices = \[\n {\n device = \"/dev/disk/by-partuuid/$SWAP_PARTUUID\";\n randomEncryption.enable = true;\n randomEncryption.allowDiscards = true;\n }\n \];|" $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
fi
chown 1000:100 $CONFIG_FOLDER/machines/$DEVICE_NAME/hardware-configuration.nix
git add -A
pprint "Copy config to destination system"
mkdir -p /mnt/home/alukard/nixos-config
cp -aT $CONFIG_FOLDER /mnt/home/alukard/nixos-config
pprint "Gen ssh host key for initrd"
ssh-keygen -t ed25519 -N "" -f /mnt/etc/secrets/ssh_host_key
chown root:root /mnt/etc/secrets/ssh_host_key
chmod 600 /mnt/etc/secrets/ssh_host_key
if [[ "$USE_ECNRYPTION" = true ]]
then
cp keyfile0.bin /mnt/etc/secrets/keyfile0.bin
chmod 000 /mnt/etc/secrets/keyfile*.bin
fi
clean_stdin
read -s -p "> Do you want to execute nixos-install command?" -n 1 -r
echo
if [[ "$REPLY" =~ ^[Yy]$ ]]
then
nixos-install --flake "../#$DEVICE_NAME" --root /mnt --max-jobs $MAX_JOBS --no-root-passwd
fi
# umount -Rl /mnt
# zpool export -a
# cryptsetup luksClose $LUKS_DEVICE_NAME

79
install/min-config.nix
View File

@ -1,79 +0,0 @@
{ config, pkgs, lib, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
# boot.loader.efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
networking = {
hostName = "changeme";
firewall.enable = false;
networkmanager.enable = false;
wireless = {
enable = true;
networks.Alukard_5GHz = {
pskRaw = "feee27000fb0d7118d498d4d867416d04d1d9a1a7b5dbdbd888060bbde816fe4";
priority = 1;
};
networks.Alukard.pskRaw =
"5ef5fe07c1f062e4653fce9fe138cc952c20e284ae1ca50babf9089b5cba3a5a";
networks.AlukardAP = {
pskRaw = "b8adc07cf1a9c7a7a5946c2645283b27ab91a8af4c065e5f9cde03ed1815811c";
priority = 2;
};
networks.AlukardAP_5GHz = {
pskRaw = "d1733d7648467a8a9cae9880ef10a2ca934498514b4da13b53f236d7c68b8317";
priority = 1;
};
userControlled.enable = true;
};
};
programs.gnupg = {
agent.enable = true;
package = pkgs.gnupg;
};
nixpkgs.config = {
allowUnfree = true;
};
nix = {
useSandbox = true;
autoOptimiseStore = false;
optimise.automatic = true;
extraOptions = ''
experimental-features = nix-command flakes
'';
package = pkgs.nixFlakes;
};
i18n.defaultLocale = "en_GB.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
time.timeZone = "Europe/Moscow";
environment.systemPackages = with pkgs; [ git ];
users.mutableUsers = false;
users.users.alukard = {
isNormalUser = true;
extraGroups = [ "wheel" ];
uid = 1000;
hashedPassword = "$6$kDBGyd99tto$9LjQwixa7NYB9Kaey002MD94zHob1MmNbVz9kx3yX6Q4AmVgsFMGUyNuHozXprxyuXHIbOlTcf8nd4rK8MWfI/";
};
hardware.video.hidpi.enable = lib.mkForce false;
system.stateVersion = "21.05";
}

34
machines/AMD-Workstation/default.nix
View File

@ -39,10 +39,42 @@
hardware.video.hidpi.enable = lib.mkForce false; hardware.video.hidpi.enable = lib.mkForce false;
hardware.firmware = [ pkgs.rtl8761b-firmware ]; hardware.firmware = [ pkgs.rtl8761b-firmware ];
secrets.files-veracrypt = {};
environment.etc.crypttab = {
text = ''
files-veracrypt /dev/disk/by-partuuid/15fa11a1-a6d8-4962-9c03-74b209d7c46a /var/secrets/files-veracrypt tcrypt-veracrypt
'';
};
fileSystems = {
"/media/data" = {
fsType = "ntfs";
device = "/dev/disk/by-partuuid/a61ac8ea-53b9-462f-8a93-a5c07b131209";
options = [
"nofail"
"uid=${toString config.users.users.${config.mainuser}.uid}"
"gid=${toString config.users.groups.users.gid}"
];
};
"/media/files" = {
# Samba host
fsType = "ntfs";
device = "/dev/mapper/files-veracrypt";
options = [
"nofail"
"uid=${toString config.users.users.${config.mainuser}.uid}"
"gid=${toString config.users.groups.users.gid}"
];
};
};
services.ratbagd.enable = true;
home-manager.users.${config.mainuser} = { home-manager.users.${config.mainuser} = {
home.packages = lib.mkIf config.deviceSpecific.enableVirtualisation [ home.packages = lib.mkIf config.deviceSpecific.enableVirtualisation [
inputs.nixos-generators.packages.${pkgs.system}.nixos-generate inputs.nixos-generators.packages.${pkgs.hostPlatform.system}.nixos-generate
# pkgs.looking-glass-client # pkgs.looking-glass-client
pkgs.piper
]; ];
home.stateVersion = "21.11"; home.stateVersion = "21.11";
}; };

BIN
misc/Passwords.kdbx
View File

Binary file not shown.

BIN
misc/wallpaper-old
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 61 KiB

12
profiles/applications/firefox.nix
View File

@ -4,6 +4,7 @@ let
thm = config.lib.base16.theme; thm = config.lib.base16.theme;
fonts = config.lib.base16.theme.fonts; fonts = config.lib.base16.theme.fonts;
profileName = config.mainuser; profileName = config.mainuser;
homeDir = config.home-manager.users.${profileName}.home.homeDirectory;
profilePath = ".mozilla/firefox/${profileName}"; profilePath = ".mozilla/firefox/${profileName}";
mkUserJs = { prefs ? {}, extraPrefs ? "" }: '' mkUserJs = { prefs ? {}, extraPrefs ? "" }: ''
${extraPrefs} ${extraPrefs}
@ -14,7 +15,7 @@ let
''; '';
firefox-kpoxa = pkgs.writeShellScriptBin "firefox-kpoxa" '' firefox-kpoxa = pkgs.writeShellScriptBin "firefox-kpoxa" ''
${pkgs.firefox-wayland}/bin/firefox -profile /home/${config.mainuser}/.mozilla/firefox/kpoxa ${pkgs.firefox}/bin/firefox -profile ${homeDir}/.mozilla/firefox/kpoxa
''; '';
in { in {
environment.sessionVariables = { environment.sessionVariables = {
@ -24,7 +25,7 @@ in {
# programs.browserpass.enable = true; # programs.browserpass.enable = true;
defaultApplications.browser = { defaultApplications.browser = {
cmd = "${pkgs.firefox-wayland}/bin/firefox"; cmd = "${pkgs.firefox}/bin/firefox";
desktop = "firefox"; desktop = "firefox";
}; };
@ -67,7 +68,7 @@ in {
programs.firefox = { programs.firefox = {
enable = true; enable = true;
package = pkgs.firefox-wayland; package = pkgs.firefox;
profiles = { profiles = {
${config.mainuser} = { ${config.mainuser} = {
id = 0; id = 0;
@ -191,4 +192,9 @@ in {
# ]; # ];
}; };
}; };
persist.state.homeDirectories = [
".mozilla/firefox/default"
".mozilla/firefox/kpoxa"
];
} }

2
profiles/applications/himalaya.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, inputs, lib, system, ... }: { { config, pkgs, lib, ... }: {
home-manager.users.${config.mainuser} = { home-manager.users.${config.mainuser} = {
home.packages = [ pkgs.himalaya ]; home.packages = [ pkgs.himalaya ];

32
profiles/applications/mopidy.nix
View File

@ -1,32 +0,0 @@
{ pkgs, ... }: {
services.mopidy = {
enable = true;
# dataDir = "";
configuration = ''
[audio]
output = pulsesink server=127.0.0.1:8888
[mpd]
enabled = true
hostname = 127.0.0.1
port = 6600
[local]
media_dir = /home/${config.mainuser}/Music
'';
extensionPackages = with pkgs; [
mopidy-local
# mopidy-mpris
mopidy-mpd
];
};
# systemd.services.mopidy-scan = {
# description = "mopidy local files cleaner";
# serviceConfig = {
# ExecStart = "${mopidyEnv}/bin/mopidy local clear";
# User = "mopidy";
# Type = "oneshot";
# };
# };
}

11
profiles/applications/ncmpcpp.nix
View File

@ -1,11 +0,0 @@
{ pkgs, ... }: {
home-manager.users.${config.mainuser}.programs.ncmpcpp = {
enable = true;
# mpdMusicDir = "$HOME/Music";
settings = {
mpd_host = "127.0.0.1";
mpd_port = 6600;
mpd_music_dir = "$HOME/Music";
};
};
}

4
profiles/applications/packages.nix
View File

@ -90,14 +90,14 @@ with config.deviceSpecific; {
schildichat-desktop-wayland schildichat-desktop-wayland
scrcpy scrcpy
] ++ lib.optionals isGaming [ ] ++ lib.optionals isGaming [
# ceserver ceserver
# ckan # ckan
gamescope gamescope
goverlay goverlay
lutris lutris
moonlight-qt moonlight-qt
obs-studio obs-studio
polymc prismlauncher
reshade-shaders reshade-shaders
(retroarch.override { cores = [ libretro.genesis-plus-gx libretro.dosbox ]; }) (retroarch.override { cores = [ libretro.genesis-plus-gx libretro.dosbox ]; })
parsec parsec

6
profiles/applications/piper.nix
View File

@ -1,6 +0,0 @@
{ config, pkgs, lib, ... }: {
config = lib.mkIf (config.device == "AMD-Workstation") {
services.ratbagd.enable = true;
home-manager.users.${config.mainuser}.home.packages = [ pkgs.piper ];
};
}

5
profiles/applications/syncthing.nix
View File

@ -1,5 +0,0 @@
{ config, pkgs, lib, ... }: {
home-manager.users.${config.mainuser} = {
services.syncthing.enable = true;
};
}

57
profiles/applications/vivaldi.nix
View File

@ -1,57 +0,0 @@
{ pkgs, ... }: {
# defaultApplications.browser = {
# cmd = "${pkgs.vivaldi}/bin/vivaldi";
# desktop = "vivaldi";
# };
home-manager.users.${config.mainuser} = {
home.packages = with pkgs; [
((vivaldi.overrideAttrs (oldAttrs: rec {
buildInputs = oldAttrs.buildInputs ++ [ pkgs.libglvnd pkgs.pipewire pkgs.wayland ];
# --enable-features=UseOzonePlatform,UseSkiaRenderer,Vulkan --ozone-platform=wayland
postInstall = ''
substituteInPlace "$out"/bin/vivaldi \
--replace 'vivaldi-wrapped" "$@"' 'vivaldi-wrapped" --ignore-gpu-blocklist --enable-gpu-rasterization \
--enable-zero-copy --use-gl=desktop "$@"'
'';
})).override { proprietaryCodecs = true; })
];
xdg.configFile."vivaldi/css/custom.css".source = pkgs.writeText "custom.css" ''
#header {
min-height: 0;
z-index: auto;
}
.vivaldi, .window-buttongroup {
z-index: 999;
}
.vivaldi {
position: relative !important;
top: 3px !important;
}
.topmenu {
position: absolute;
}
.topmenu>nav {
left: -28px;
top: 4px;
}
.horizontal-menu .toolbar.toolbar-addressbar {
padding: 0 150px 0 269px !important;
}
.toolbar.toolbar-addressbar {
padding: 0 150px 0 50px !important;
height: 36px;
}
.bookmark-bar {
margin-bottom: 0;
}
.window-buttongroup {
display: none !important;
}
.UrlBar {
margin-left: 34px;
}
'';
};
}

86
profiles/filesystems.nix
View File

@ -1,86 +0,0 @@
{ pkgs, lib, config, ... }:
with rec {
inherit (config) deviceSpecific secrets device;
};
with deviceSpecific;
{
secrets.samba.services = [];
secrets.files-veracrypt = {};
environment.etc.crypttab = lib.mkIf (device == "AMD-Workstation") {
text = ''
files-veracrypt /dev/disk/by-partuuid/15fa11a1-a6d8-4962-9c03-74b209d7c46a /var/secrets/files-veracrypt tcrypt-veracrypt
'';
};
fileSystems = {
"/shared/nixos" = lib.mkIf isVM {
fsType = "vboxsf";
device = "shared";
options = [
"rw"
"nodev"
"relatime"
"nofail"
"dmode=0755"
"fmode=0644"
"uid=${toString config.users.users.${config.mainuser}.uid}"
"gid=${toString config.users.groups.smbuser.gid}"
];
};
"/media/data" = if (device == "AMD-Workstation") then {
# Samba host
fsType = "ntfs";
device = "/dev/disk/by-partuuid/a61ac8ea-53b9-462f-8a93-a5c07b131209";
options = [
# "noatime"
"nofail"
"uid=${toString config.users.users.${config.mainuser}.uid}"
"gid=${toString config.users.groups.smbuser.gid}"
];
} else {
# Linux samba
fsType = "cifs";
device = "//192.168.0.100/data";
options = [
"credentials=${secrets.samba.decrypted}"
"uid=${toString config.users.users.${config.mainuser}.uid}"
"gid=${toString config.users.groups.users.gid}"
"vers=3.0"
"nofail"
"noauto"
"x-systemd.automount"
"x-systemd.mount-timeout=5"
"_netdev"
];
};
# "/media/files" = if (device == "AMD-Workstation") then {
"/media/files" = lib.mkIf (device == "AMD-Workstation") {
# Samba host
fsType = "ntfs";
device = "/dev/mapper/files-veracrypt";
options = [
# "noatime"
"nofail"
"uid=${toString config.users.users.${config.mainuser}.uid}"
"gid=${toString config.users.groups.smbuser.gid}"
];
};
# } else {
# Linux samba
# fsType = "cifs";
# device = "//192.168.0.100/files";
# options = [
# "credentials=${secrets.samba.decrypted}"
# "uid=${toString config.users.users.${config.mainuser}.uid}"
# "gid=${toString config.users.groups.users.gid}"
# "vers=3.0"
# "nofail"
# "noauto"
# "x-systemd.automount"
# "x-systemd.mount-timeout=5"
# "_netdev"
# ];
# };
};
}

1
profiles/overlay.nix
View File

@ -16,7 +16,6 @@ with lib; {
# inputs.nixpkgs-wayland.overlay # inputs.nixpkgs-wayland.overlay
inputs.nix-alien.overlay inputs.nix-alien.overlay
inputs.nur.overlay inputs.nur.overlay
inputs.polymc.overlay
# inputs.nixos-rocm.overlay # inputs.nixos-rocm.overlay
roundcube-plugins roundcube-plugins
(final: prev: (final: prev:

8
profiles/packages/ceserver.nix
View File

@ -2,14 +2,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
pname = "ceserver"; pname = "ceserver";
version = "7.3"; version = "7.4";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "cheat-engine"; owner = "cheat-engine";
repo = "cheat-engine"; repo = "cheat-engine";
rev = version; rev = version;
sha256 = "1f7v2403k2hq8mx3lwdlssfmbmj3kjnhljk5qfzgqyygwz72zqhl"; hash = "sha256-9f4svWpH6kltLQL4w58YPQklLAuLAHMXoVAa4h0jlFk=";
# fetchSubmodules = true;
}; };
buildPhase = '' buildPhase = ''
@ -25,7 +24,4 @@
nativeBuildInputs = [ nativeBuildInputs = [
zlib zlib
]; ];
buildInputs = [
];
} }

57
profiles/samba.nix
View File

@ -1,57 +0,0 @@
{ config, lib, pkgs, ... }:
with config.deviceSpecific; {
users.groups.smbuser.gid = 2001;
# TODO: add nologin shell to this user
users.users.smbuser =
lib.mkIf isHost {
# isNormalUser = false;
isSystemUser = true;
group = "smbuser";
# extraGroups = [
# "smbuser"
# ];
description = "User for samba sharing";
};
services.samba =
lib.mkIf isHost {
enable = true;
enableNmbd = false;
enableWinbindd = false;
invalidUsers = [ "root" ];
nsswins = false;
securityType = "user";
# syncPasswordsByPam = false;
configText = ''
[global]
client min protocol = SMB3_11
server min protocol = SMB3_11
smb encrypt = required
server string = samba home server
server role = standalone server
disable netbios = yes
smb ports = 445
[data]
path = /media/data
browsable = yes
read only = no
force create mode = 0660
force directory mode = 2770
valid users = @smbuser
[files]
path = /media/files
browsable = yes
read only = no
force create mode = 0660
force directory mode = 2770
valid users = @smbuser
'';
};
environment.systemPackages = [
pkgs.cifs-utils
] ++ lib.optionals isHost [
config.services.samba.package
];
}

22
profiles/servers/piped-youtube.nix
View File

@ -1,22 +0,0 @@
{ config, lib, pkgs, ... }:
with config.users.users.${config.mainuser}; with config.users.groups.${group}; {
secrets."cloudflare-ddns-ataraxiadev" = {
owner = "${toString uid}";
# permissions = "400";
};
virtualisation.oci-containers.containers.piped = {
autoStart = true;
environment = {
PUID = toString uid;
PGID = toString gid;
};
extraOptions = [
"--network=host"
"--security-opt=no-new-privileges:true"
];
ports = [ "127.0.0.1:8080:8080" ];
image = "1337kavin/piped:latest";
volumes = [ "${config.secrets.piped-config.decrypted}:/app/config.properties" ];
};
}

54
profiles/servers/stubby.nix
View File

@ -1,54 +0,0 @@
{ config, lib, pkgs, ... }: {
## DNS-over-TLS
services.stubby = {
enable = true;
settings = pkgs.stubby.passthru.settingsExample // {
dnssec = "GETDNS_EXTENSION_TRUE";
listen_addresses = [ "0::1" "127.0.0.1" ];
resolution_type = "GETDNS_RESOLUTION_STUB";
round_robin_upstreams = 1;
tls_authentication = "GETDNS_AUTHENTICATION_REQUIRED";
tls_min_version = "GETDNS_TLS1_3";
upstream_recursive_servers = [
{
address_data = "2620:fe::fe";
tls_auth_name = "dns.quad9.net";
}
{
address_data = "2620:fe::9";
tls_auth_name = "dns.quad9.net";
}
{
address_data = "9.9.9.9";
tls_auth_name = "dns.quad9.net";
}
{
address_data = "149.112.112.112";
tls_auth_name = "dns.quad9.net";
}
{
address_data = "2606:4700:4700::1112";
tls_auth_name = "cloudflare-dns.com";
}
{
address_data = "2606:4700:4700::1002";
tls_auth_name = "cloudflare-dns.com";
}
{
address_data = "1.1.1.2";
tls_auth_name = "cloudflare-dns.com";
}
{
address_data = "1.0.0.2";
tls_auth_name = "cloudflare-dns.com";
}
];
};
};
networking.nameservers = [ "::1" "127.0.0.1" ];
services.resolved = {
enable = true;
fallbackDns = [ "2606:4700:4700::1111" "2606:4700:4700::1001" "1.1.1.1" "1.0.0.1" ];
};
}

130
profiles/workspace/i3status-rust/default.nix
View File

@ -1,130 +0,0 @@
{ pkgs, config, lib, ... }:
let
scripts = import ./scripts pkgs config;
thm = config.lib.base16.theme;
in {
home-manager.users.${config.mainuser} = {
# xsession.windowManager.i3.config.bars = [{
wayland.windowManager.sway.config.bars = [{
id = "default";
position = "top";
statusCommand = "${pkgs.i3status-rust}/bin/i3status-rs ~/.config/i3status-rust/config-top.toml";
workspaceNumbers = false;
fonts = {
names = [ "${thm.fonts.mono.family}" "${thm.fonts.icon.family}" "${thm.fonts.iconFallback.family}" ];
style = "Regular";
size = thm.fontSizes.micro.float;
};
colors = let
default = {
background = "#${thm.base00-hex}";
border = "#${thm.base00-hex}";
};
in {
background = "#${thm.base00-hex}";
statusline = "#${thm.base05-hex}";
separator = "#${thm.base02-hex}";
focusedWorkspace = default // { text = "#${thm.base08-hex}"; };
activeWorkspace = default // { text = "#${thm.base0B-hex}"; };
inactiveWorkspace = default // { text = "#${thm.base05-hex}"; };
urgentWorkspace = default // { text = "#${thm.base09-hex}"; };
bindingMode = default // { text = "#${thm.base0A-hex}"; };
};
}];
programs.i3status-rust = {
enable = true;
bars.top = {
settings = {
theme = {
name = "solarized-dark";
overrides = {
idle_bg = "#${thm.base00-hex}";
idle_fg = "#${thm.base05-hex}";
info_bg = "#${thm.base0C-hex}";
info_fg = "#${thm.base00-hex}";
good_bg = "#${thm.base0B-hex}";
good_fg = "#${thm.base00-hex}";
warning_bg = "#${thm.base0A-hex}";
warning_fg = "#${thm.base00-hex}";
critical_bg = "#${thm.base08-hex}";
critical_fg = "#${thm.base00-hex}";
};
};
icons = {
name = "awesome5";
overrides = {
backlight_empty = " 🌑 ";
backlight_full = " 🌕 ";
backlight_partial1 = " 🌘 ";
backlight_partial2 = " 🌗 ";
backlight_partial3 = " 🌖 ";
cpu = "";
net_wired = "";
net_wireless = "";
};
};
};
blocks = [
{
block = "net";
device = if config.device == "Dell-Laptop" then
"wlo1"
else if config.device == "AMD-Workstation" then
"enp9s0"
else "";
}
] ++ lib.optionals config.deviceSpecific.isLaptop [
{
block = "battery";
interval = 10;
format = "{percentage} {time}";
}
{
block = "backlight";
}
] ++ [
{
block = "custom";
command = "${scripts.weather}";
interval = 600;
}
{
block = "sound";
driver = "auto";
}
{
block = "temperature";
# collapsed = false;
chip = if config.device == "Dell-Laptop" then
"*-isa-*"
else if config.device == "AMD-Workstation" then
"*-pci-*"
else "*-pci-*";
}
{
block = "cpu";
interval = 1;
format = "{utilization} {frequency}";
}
{
block = "custom";
command = "${scripts.df}";
interval = 60;
}
{
block = "memory";
display_type = "memory";
format_mem = "{mem_avail;G}";
format_swap = "{swap_free;G}";
}
{
block = "time";
interval = 1;
format = "%a %Y/%m/%d %T";
}
];
};
};
};
}

4
profiles/workspace/i3status-rust/scripts/cputemp.nix
View File

@ -1,4 +0,0 @@
{ iconfont, ... }: ''
#!/usr/bin/env bash
echo `sensors | egrep Package | awk '{print $4}'`
''

21
profiles/workspace/i3status-rust/scripts/default.nix
View File

@ -1,21 +0,0 @@
p: c:
with p;
let
writeScript = name: script:
writeTextFile {
inherit name;
text = callPackage script {
iconfont = c.lib.base16.theme.fonts.icon.family;
config = c;
};
executable = true;
checkPhase =
"${bash}/bin/bash -n $src || ${python3}/bin/python3 -m compileall $src";
};
in
builtins.mapAttrs writeScript {
cputemp = ./cputemp.nix;
weather = ./weather.nix;
df = ./df.nix;
vpn-status = ./vpn-status.nix;
}

4
profiles/workspace/i3status-rust/scripts/df.nix
View File

@ -1,4 +0,0 @@
{ iconfont, ... }: ''
#!/usr/bin/env bash
echo '<span font="${iconfont} Solid"></span>' `(doas btrfs fi usage / | head -n7 | tail -n1 | awk '{print $3}')`
''

9
profiles/workspace/i3status-rust/scripts/vpn-status.nix
View File

@ -1,9 +0,0 @@
{ curl, iconfont, ... }: ''
#!/usr/bin/env bash
API="$(${curl}/bin/curl https://am.i.mullvad.net/connected)"
if [[ $(echo "$API" | awk -F'[ ()]+' '{print $6}') = 'server' ]]; then
echo '<span font="${iconfont} Solid"></span>' `(echo "$API" | awk -F'[ ()]+' '{print $7}')`
else
echo '<span font="${iconfont} Solid"></span>' 'Not connected'
fi
''

8
profiles/workspace/i3status-rust/scripts/weather.nix
View File

@ -1,8 +0,0 @@
{ curl, config, ... }: ''
#!/usr/bin/env bash
${curl}/bin/curl wttr.in/Volzhskiy\?format=3 | awk -F": " '{print $2}'
if [[ $BLOCK_BUTTON == 1 ]]
then
${config.defaultApplications.term.cmd} --hold -e "${curl}/bin/curl wttr.in"
fi
''

61
profiles/workspace/picom.nix
View File

@ -1,61 +0,0 @@
{ config, lib, pkgs, ... }:
{
home-manager.users.${config.mainuser} = {
services.picom = {
enable = true;
backend = "glx";
activeOpacity = "0.98";
inactiveOpacity = "0.98";
opacityRule = [
# Disable opacity for fullscreen window
"100:_NET_WM_STATE@[0]:32a = '_NET_WM_STATE_FULLSCREEN'"
"100:_NET_WM_STATE@[1]:32a = '_NET_WM_STATE_FULLSCREEN'"
"100:_NET_WM_STATE@[2]:32a = '_NET_WM_STATE_FULLSCREEN'"
"100:_NET_WM_STATE@[3]:32a = '_NET_WM_STATE_FULLSCREEN'"
"100:_NET_WM_STATE@[4]:32a = '_NET_WM_STATE_FULLSCREEN'"
# Disable drawing underlying tabbed windows
"0:_NET_WM_STATE@[0]:32a *= '_NET_WM_STATE_HIDDEN'"
"0:_NET_WM_STATE@[1]:32a *= '_NET_WM_STATE_HIDDEN'"
"0:_NET_WM_STATE@[2]:32a *= '_NET_WM_STATE_HIDDEN'"
"0:_NET_WM_STATE@[3]:32a *= '_NET_WM_STATE_HIDDEN'"
"0:_NET_WM_STATE@[4]:32a *= '_NET_WM_STATE_HIDDEN'"
# Other rules
"100:class_i ?= 'vivaldi-stable'"
"100:class_g = 'mpv'"
"100:class_g = 'explorer.exe'"
"100:class_g = '.scrcpy-wrapped'"
"100:class_g = 'Minecraft* 1.17.1'"
"100:class_g = 'steam_app_220200'"
"100:class_g = 'Picture in picture'"
"100:class_g = 'Pinta' && focused"
"95:class_g = 'URxvt' && focused"
"95:class_g = 'alacritty' && focused"
"95:class_g = 'kitty' && focused"
"85:class_g = 'URxvt' && !focused"
"85:class_g = 'alacritty' && !focused"
"85:class_g = 'kitty' && !focused"
];
blur = true;
blurExclude = [
"_NET_WM_STATE@:32a *= '_NET_WM_STATE_HIDDEN'"
"class_g = 'i3-frame'"
"class_g = 'slop'"
];
shadow = false;
vSync = true;
experimentalBackends = true;
extraOptions = ''
blur-method = "gaussian";
blur-size = 10;
blur-deviation = 5.0;
# blur:
# {
# method = "gaussian";
# size = 10;
# deviation = 5.0;
# };
unredir-if-possible = false;
'';
};
};
}

4
profiles/workspace/zsh/default.nix
View File

@ -73,8 +73,6 @@
"atree" = "${pkgs.exa}/bin/exa -aT"; "atree" = "${pkgs.exa}/bin/exa -aT";
"latree" = "${pkgs.exa}/bin/exa -lahgFT@ --git"; "latree" = "${pkgs.exa}/bin/exa -lahgFT@ --git";
# "gif2webm" = "(){ ${pkgs.ffmpeg.bin}/bin/ffmpeg -i $1 -c:v libvpx-vp9 -crf 20 -b:v 0 $1.webm ;}"; # "gif2webm" = "(){ ${pkgs.ffmpeg.bin}/bin/ffmpeg -i $1 -c:v libvpx-vp9 -crf 20 -b:v 0 $1.webm ;}";
"hpc" = "bluetoothctl connect D8:37:3B:60:5D:55";
"hpd" = "bluetoothctl disconnect D8:37:3B:60:5D:55";
}; };
initExtra = '' initExtra = ''
rga-fzf() { rga-fzf() {
@ -108,4 +106,6 @@
}; };
}; };
}; };
persist.state.homeFiles = [ ".local/share/zsh/history" ];
} }

3
roles/desktop.nix
View File

@ -7,10 +7,8 @@
xray xray
applications-setup applications-setup
filesystems
hardware hardware
mullvad mullvad
samba
services services
sound sound
themes themes
@ -27,7 +25,6 @@
mpv mpv
# ncmpcpp # ncmpcpp
packages packages
piper
rofi rofi
spotify spotify
steam steam