feat: add env to fix in game resolution problems

feat: add freerdp to andromedae
feat: update proxy configurations
2025-08-21 04:55:50 +03:00 · 2025-08-21 04:55:18 +03:00 · 2025-08-21 04:41:33 +03:00 · 2025-08-21 04:41:22 +03:00 · 2025-08-21 04:41:01 +03:00 · 2025-08-21 04:39:24 +03:00
27 changed files with 1303 additions and 426 deletions
--- a/flake.lock
+++ b/flake.lock
--- a/flake.nix
+++ b/flake.nix
@ -42,6 +42,7 @@
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+    hyprland.url = "github:hyprwm/Hyprland";
    impermanence.url = "github:nix-community/impermanence";
    lix = {
      url = "https://git.lix.systems/lix-project/lix/archive/main.tar.gz";
@ -52,6 +53,10 @@
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.lix.follows = "lix";
    };
+    lsfg-vk = {
+      url = "github:pabloaul/lsfg-vk-flake/main";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
    nix-index-database = {
      url = "github:nix-community/nix-index-database";
      inputs.nixpkgs.follows = "nixpkgs";
@ -60,6 +65,7 @@
      url = "github:nix-community/nix-vscode-extensions";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+    prismlauncher.url = "github:AtaraxiaSjel/PrismLauncher";
    quadlet-nix.url = "github:SEIAROTg/quadlet-nix";
    sops-nix = {
      url = "github:Mic92/sops-nix";
@ -249,7 +255,7 @@
                  hostname = "10.10.10.101";
                };
                redshift = {
-                  hostname = "104.164.54.197";
+                  hostname = "217.147.15.227";
                  fastConnection = false;
                  sshOpts = [
                    "-p"
--- a/hosts/andromedae/default.nix
+++ b/hosts/andromedae/default.nix
@ -8,13 +8,16 @@
 let
  inherit (lib) mkForce;
  defaultUser = config.ataraxia.defaults.users.defaultUser;
+  hyprPkgs = inputs.hyprland.packages.${pkgs.hostPlatform.system};
 in
 {
  imports = [
    ./hardware-configuration.nix
    ./boot.nix
+    ./samba.nix

    inputs.catppuccin.nixosModules.catppuccin
+    inputs.lsfg-vk.nixosModules.default
  ];
  catppuccin.enable = true;
  catppuccin.accent = "mauve";
@ -67,17 +70,19 @@ in
    ataraxia.defaults.role = "desktop";
    ataraxia.programs.lutris.enable = true;
    ataraxia.programs.mangohud.enable = true;
+    ataraxia.programs.umu-launcher.enable = true;
    ataraxia.services.modprobed-db.enable = true;
    ataraxia.theme.catppuccin.enable = true;

    wayland.windowManager.hyprland.settings = {
-      # TODO: Remove after flickering is fixed
-      # misc.vrr = lib.mkForce 0;
      monitor = mkForce [
        "DP-3,2560x1440@164.998993,0x0,1"
        "HDMI-A-1,1920x1080@60,-1920x360,1"
        ",highres,auto,1"
      ];
+      env = {
+        WAYLANDDRV_PRIMARY_MONITOR = "DP-3";
+      };
      exec-once = [
        "${pkgs.xorg.xrandr}/bin/xrandr --output DP-3 --primary"
      ];
@ -85,6 +90,7 @@ in

    home.packages = with pkgs; [
      devenv
+      freerdp
      llama-cpp
      nh
      nix-diff
@ -109,7 +115,7 @@ in
      modprobed-db
      # packwiz
      # piper
-      # prismlauncher
+      prismlauncher
      # radeontop
      # streamrip
      # wayvnc
@ -117,10 +123,16 @@ in
      # yt-archivist
    ];

+    home.sessionVariables = {
+      WAYLANDDRV_PRIMARY_MONITOR = "DP-3";
+    };
+
    persist.state.directories = [
      ".config/image-updater"
+      ".config/lsfg-vk"
      ".config/sops/age"
      ".config/WarThunder"
+      ".local/share/PrismLauncher"
      "nixos-config"
      "projects"
    ];
@ -135,7 +147,7 @@ in
    wal_recycle = "off";
  };

-  # ataraxia.virtualisation.docker = true;
+  ataraxia.virtualisation.docker = true;
  ataraxia.virtualisation.libvirt = true;
  ataraxia.virtualisation.podman = true;

@ -155,10 +167,14 @@ in
  ];

  # Mesa from unstable channel
-  hardware.graphics.package = pkgs.mesaUnstable;
-  hardware.graphics.package32 = pkgs.mesaUnstablei686;
-  programs.hyprland.package = pkgs.hyprlandUnstable;
-  programs.hyprland.portalPackage = pkgs.hyprlandPortalUnstable;
+  # hardware.graphics.package = pkgs.mesaUnstable;
+  # hardware.graphics.package32 = pkgs.mesaUnstablei686;
+  # programs.hyprland.package = pkgs.hyprlandUnstable;
+  # programs.hyprland.portalPackage = pkgs.hyprlandPortalUnstable;
+  programs.hyprland.package = hyprPkgs.hyprland;
+  programs.hyprland.portalPackage = hyprPkgs.xdg-desktop-portal-hyprland;
+  services.lsfg-vk.enable = true;
+  services.lsfg-vk.ui.enable = true;

  # Auto-mount lan nfs share
  fileSystems = {
--- a/hosts/andromedae/samba.nix
+++ b/hosts/andromedae/samba.nix
@ -0,0 +1,42 @@
+{ ... }:
+{
+  services.samba = {
+    enable = true;
+    openFirewall = true;
+    settings = {
+      global = {
+        "workgroup" = "WORKGROUP";
+        "server string" = "smbnix";
+        "netbios name" = "smbnix";
+        "security" = "user";
+        #"use sendfile" = "yes";
+        #"max protocol" = "smb2";
+        # note: localhost is the ipv6 localhost ::1
+        "hosts allow" = "10.10.10. 127.0.0.1 localhost";
+        "hosts deny" = "0.0.0.0/0";
+        "guest account" = "ataraxia";
+        "map to guest" = "bad user";
+      };
+      "extra" = {
+        "path" = "/run/media/ataraxia/Extra/Anomaly";
+        "browseable" = "yes";
+        "read only" = "no";
+        "guest ok" = "no";
+        "create mask" = "0644";
+        "directory mask" = "0755";
+        "force user" = "ataraxia";
+        "force group" = "users";
+      };
+      "gamma" = {
+        "path" = "/media/games/Anomaly-Gamma";
+        "browseable" = "yes";
+        "read only" = "no";
+        "guest ok" = "no";
+        "create mask" = "0644";
+        "directory mask" = "0755";
+        "force user" = "ataraxia";
+        "force group" = "users";
+      };
+    };
+  };
+}
--- a/hosts/blueshift/default.nix
+++ b/hosts/blueshift/default.nix
@ -154,6 +154,8 @@
      };
    };
  };
+  ataraxia.services.tor.enableRelay = true;
+  ataraxia.services.tor.relayPort = 32910;

  system.stateVersion = "24.11";
 }
--- a/hosts/blueshift/services.nix
+++ b/hosts/blueshift/services.nix
@ -37,12 +37,12 @@ in
    let
      nginx = {
        sopsFile = secretsDir + /blueshift/nginx.yaml;
-        restartUnits = [ "podman-nginx.service" ];
+        restartUnits = [ "nginx.service" ];
      };
      marzban = {
        format = "dotenv";
        sopsFile = secretsDir + /blueshift/marzban.env;
-        restartUnits = [ "podman-marzban.service" ];
+        restartUnits = [ "marzban.service" ];
      };
    in
    {
@ -52,22 +52,25 @@ in
      inherit marzban;
    };

-  virtualisation.oci-containers.containers = {
+  virtualisation.quadlet.containers = {
    marzban = {
      autoStart = true;
+      containerConfig = {
        # Tags: v0.8.4
        image = "ghcr.io/gozargah/marzban@sha256:8e422c21997e5d2e3fa231eeff73c0a19193c20fc02fa4958e9368abb9623b8d";
        environmentFiles = [ marzban-env ];
-      extraOptions = [ "--network=host" ];
+        networks = [ "host" ];
        volumes = [
          "/srv/marzban:/var/lib/marzban"
        ];
      };
+    };
    nginx = {
      autoStart = true;
+      containerConfig = {
        # Tags: mainline-alpine3.21, mainline-alpine, alpine3.21
        image = "docker.io/nginx@sha256:e4efffc3236305ae53fb54e5cd76c9ccac0cebf7a23d436a8f91bce6402c2665";
-      extraOptions = [ "--network=host" ];
+        networks = [ "host" ];
        volumes = [
          "${cert-key}:/etc/ssl/certs/cf-cert.key:ro"
          "${cert-pem}:/etc/ssl/certs/cf-cert.pem:ro"
@ -75,6 +78,7 @@ in
        ];
      };
    };
+  };

  systemd.tmpfiles.rules = [
    "d ${cfgOcis.configDir} 0700 ${cfgOcis.user} ${cfgOcis.group} -"
--- a/hosts/orion/default.nix
+++ b/hosts/orion/default.nix
@ -1,11 +1,13 @@
 {
+  config,
  lib,
  pkgs,
  inputs,
  ...
 }:
 let
-  inherit (lib) concatLists unique;
+  inherit (lib) concatLists unique recursiveUpdate;
+  nginx = config.ataraxia.services.nginx;
 in
 {
  imports = [
@ -113,7 +115,9 @@ in

  ataraxia.containers.filestash.enable = true;
  ataraxia.containers.media-stack.enable = true;
+  ataraxia.containers.sing-box-filter.enable = true;
  ataraxia.containers.tinyproxy.enable = true;
+  ataraxia.containers.tor.enable = true;
  ataraxia.security.acme.enable = true;
  ataraxia.services.authentik.enable = true;
  ataraxia.services.gitea.enable = true;
@ -166,6 +170,15 @@ in
    )
  );

+  services.nginx.virtualHosts = {
+    "incus.ataraxiadev.com" = recursiveUpdate nginx.defaultSettings {
+      locations."/" = {
+        proxyPass = "https://10.10.10.5:8443";
+        proxyWebsockets = true;
+      };
+    };
+  };
+
  ataraxia.virtualisation.guests = {
    omv = {
      autoStart = true;
@ -175,5 +188,7 @@ in
    };
  };

+  networking.firewall.allowedTCPPorts = [ 9050 ];
+
  system.stateVersion = "25.05";
 }
--- a/hosts/redshift/default.nix
+++ b/hosts/redshift/default.nix
@ -48,12 +48,12 @@
    disableIPv6 = true;
    domain = "wg.ataraxiadev.com";
    ifname = "enp0s18";
-    mac = "bc:24:11:99:d5:2f";
+    mac = "bc:24:11:33:ea:74";
    bridge.enable = true;
    ipv4 = [
      {
-        address = "104.164.54.197/24";
-        gateway = "104.164.54.1";
+        address = "217.147.15.227/24";
+        gateway = "217.147.15.1";
        dns = [
          "9.9.9.9"
          "149.112.112.112"
@ -154,6 +154,8 @@
      };
    };
  };
+  ataraxia.services.tor.enableRelay = true;
+  ataraxia.services.tor.relayPort = 18342;

-  system.stateVersion = "24.11";
+  system.stateVersion = "25.05";
 }
--- a/hosts/redshift/services.nix
+++ b/hosts/redshift/services.nix
@ -38,12 +38,12 @@ in
    let
      nginx = {
        sopsFile = secretsDir + /redshift/nginx.yaml;
-        restartUnits = [ "podman-nginx.service" ];
+        restartUnits = [ "nginx.service" ];
      };
      marzban = {
        format = "dotenv";
        sopsFile = secretsDir + /redshift/marzban.env;
-        restartUnits = [ "podman-marzban.service" ];
+        restartUnits = [ "marzban.service" ];
      };
    in
    {
@ -53,22 +53,25 @@ in
      inherit marzban;
    };

-  virtualisation.oci-containers.containers = {
+  virtualisation.quadlet.containers = {
    marzban = {
      autoStart = true;
+      containerConfig = {
        # Tags: v0.8.4
        image = "ghcr.io/gozargah/marzban@sha256:8e422c21997e5d2e3fa231eeff73c0a19193c20fc02fa4958e9368abb9623b8d";
        environmentFiles = [ marzban-env ];
-      extraOptions = [ "--network=host" ];
+        networks = [ "host" ];
        volumes = [
          "/srv/marzban:/var/lib/marzban"
        ];
      };
+    };
    nginx = {
      autoStart = true;
+      containerConfig = {
        # Tags: mainline-alpine3.21, mainline-alpine, alpine3.21
        image = "docker.io/nginx@sha256:e4efffc3236305ae53fb54e5cd76c9ccac0cebf7a23d436a8f91bce6402c2665";
-      extraOptions = [ "--network=host" ];
+        networks = [ "host" ];
        volumes = [
          "${cert-key}:/etc/ssl/certs/cf-cert.key:ro"
          "${cert-pem}:/etc/ssl/certs/cf-cert.pem:ro"
@ -76,6 +79,7 @@ in
        ];
      };
    };
+  };

  systemd.tmpfiles.rules = [
    "d ${cfgOcis.configDir} 0700 ${cfgOcis.user} ${cfgOcis.group} -"
--- a/hosts/vega/default.nix
+++ b/hosts/vega/default.nix
@ -6,6 +6,7 @@
 }:
 let
  defaultUser = config.ataraxia.defaults.users.defaultUser;
+  hyprPkgs = inputs.hyprland.packages.${pkgs.hostPlatform.system};
 in
 {
  imports = [
@ -87,10 +88,12 @@ in
  };

  # Mesa from unstable channel
-  hardware.graphics.package = pkgs.mesaUnstable;
-  hardware.graphics.package32 = pkgs.mesaUnstablei686;
-  programs.hyprland.package = pkgs.hyprlandUnstable;
-  programs.hyprland.portalPackage = pkgs.hyprlandPortalUnstable;
+  # hardware.graphics.package = pkgs.mesaUnstable;
+  # hardware.graphics.package32 = pkgs.mesaUnstablei686;
+  # programs.hyprland.package = pkgs.hyprlandUnstable;
+  # programs.hyprland.portalPackage = pkgs.hyprlandPortalUnstable;
+  programs.hyprland.package = hyprPkgs.hyprland;
+  programs.hyprland.portalPackage = hyprPkgs.xdg-desktop-portal-hyprland;

  # Auto-mount lan nfs share
  fileSystems = {
--- a/modules/home/applications/games/umu-launcher.nix
+++ b/modules/home/applications/games/umu-launcher.nix
@ -0,0 +1,20 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  inherit (lib) mkEnableOption mkIf;
+  cfg = config.ataraxia.programs.umu-launcher;
+in
+{
+  options.ataraxia.programs.umu-launcher = {
+    enable = mkEnableOption "Enable umu-launcher program";
+  };
+
+  config = mkIf cfg.enable {
+    home.packages = with pkgs; [ umu-launcher ];
+    persist.state.directories = [ ".local/share/umu" ];
+  };
+}
--- a/modules/home/applications/vesktop.nix
+++ b/modules/home/applications/vesktop.nix
@ -0,0 +1,34 @@
+{ config, lib, ... }:
+let
+  inherit (lib) mkEnableOption mkIf;
+  cfg = config.ataraxia.programs.vesktop;
+in
+{
+  options.ataraxia.programs.vesktop = {
+    enable = mkEnableOption "Enable vesktop program";
+  };
+
+  config = mkIf cfg.enable {
+    programs.vesktop.enable = true;
+    programs.vesktop.settings = {
+      # appBadge = false;
+      # arRPC = true;
+      # checkUpdates = false;
+      # customTitleBar = false;
+      # disableMinSize = true;
+      minimizeToTray = true;
+      # tray = false;
+      # splashBackground = "#000000";
+      # splashColor = "#ffffff";
+      # splashTheming = true;
+      # staticTitle = true;
+      hardwareAcceleration = true;
+      discordBranch = "canary";
+    };
+    # programs.vesktop.vencord.settings = {};
+    # programs.vesktop.vencord.themes = {};
+    # programs.vesktop.vencord.useSystem = false;
+
+    persist.state.directories = [ ".config/vesktop" ];
+  };
+}
--- a/modules/home/applications/vscode.nix
+++ b/modules/home/applications/vscode.nix
@ -49,7 +49,7 @@ in
          with ext-market;
          [
            aaron-bond.better-comments
-            catppuccin.catppuccin-vsc-icons
+            # catppuccin.catppuccin-vsc-icons
            christian-kohler.path-intellisense
            codezombiech.gitignore
            eamodio.gitlens
--- a/modules/home/applications/walker.nix
+++ b/modules/home/applications/walker.nix
@ -1,7 +1,6 @@
 {
  config,
  lib,
-  pkgs,
  inputs,
  ...
 }:
@ -24,14 +23,11 @@ in

    programs.walker = {
      enable = true;
-      package = pkgs.walker;
-      runAsService = false;
+      runAsService = true;
      config = {
        websearch.prefix = "?";
        switcher.prefix = "/";
      };
    };
-
-    startupApplications = [ "${getExe config.programs.walker.package} --gapplication-service" ];
  };
 }
--- a/modules/home/roles/default.nix
+++ b/modules/home/roles/default.nix
@ -92,6 +92,7 @@ in
        ataraxia.programs.spotify.enable = mkDefault true;
        ataraxia.programs.telegram.enable = mkDefault true;
        ataraxia.programs.thunderbird.enable = mkDefault true;
+        ataraxia.programs.vesktop.enable = mkDefault true;
        ataraxia.programs.vscode.enable = mkDefault true;
        ataraxia.programs.walker.enable = mkDefault true;
        ataraxia.programs.zathura.enable = mkDefault true;
--- a/modules/home/theme/catppuccin.nix
+++ b/modules/home/theme/catppuccin.nix
@ -8,6 +8,7 @@
 let
  inherit (lib)
    mkEnableOption
+    mkForce
    mkIf
    mkMerge
    mkOption
@ -115,7 +116,7 @@ in
        };
        iconTheme = {
          name = "Papirus-Dark";
-          package = pkgs.catppuccin-papirus-folders.override { inherit (cfg) accent flavor; };
+          package = mkForce (pkgs.catppuccin-papirus-folders.override { inherit (cfg) accent flavor; });
        };
        font = {
          package = config.theme.fonts.sans.package;
--- a/modules/home/workspace/wayland/waybar.nix
+++ b/modules/home/workspace/wayland/waybar.nix
@ -25,8 +25,7 @@ in
          layer = "top";
          position = "top";
          # margin = "8 8 0 8";
-          modules-left =
-            [
+          modules-left = [
            "hyprland/workspaces"
            "wireplumber"
          ]
--- a/modules/nixos/applications/steam.nix
+++ b/modules/nixos/applications/steam.nix
@ -16,6 +16,8 @@ in
  };

  config = mkIf cfg.enable {
+    boot.kernelModules = [ "ntsync" ];
+
    programs.gamemode.enable = true;
    programs.gamescope.enable = true;
    programs.gamescope.capSysNice = false;
--- a/modules/nixos/containers/sing-box-filter.nix
+++ b/modules/nixos/containers/sing-box-filter.nix
@ -0,0 +1,157 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  inherit (lib) mkEnableOption mkIf;
+  inherit (config.virtualisation.quadlet) networks;
+
+  cfg = config.ataraxia.containers.sing-box-filter;
+
+  # Exclude almost all european countries (and some more)
+  filter-countries = "!EU,!AL,!AD,!BY,!BA,!GB,!CH,!IS,!LI,!MD,!MC,!ME,!MK,!NO,!RU,!SM,!RS,!UA,!VA,!XK,!US,!CN,!IR,!PK";
+  filter-protocols = "vless,ss";
+  geoip-db = "https://git.io/GeoLite2-Country.mmdb";
+  proxy-list = "https://raw.githubusercontent.com/ebrasha/free-v2ray-public-list/refs/heads/main/V2Ray-Config-By-EbraSha.txt";
+  dockerfile = pkgs.writeText "Dockerfile.sing-box" ''
+    ARG sing_box_ver="1.12.1"
+    ARG alpine_ver="3.22"
+    ARG processor_ver="0.1.1"
+
+    FROM ghcr.io/sagernet/sing-box:v''${sing_box_ver} AS sing-box
+    FROM ataraxiadev/proxy-processor:''${processor_ver} as proxy-filter
+
+    FROM alpine:''${alpine_ver}
+    COPY --from=sing-box /usr/local/bin/sing-box /bin/sing-box
+    COPY --from=proxy-filter /bin/proxy-filter-cli /bin/proxy-filter-cli
+    WORKDIR /app
+    ENTRYPOINT ["/app/entrypoint.sh"]
+  '';
+  entrypoint = pkgs.writeScript "singbox-entrypoint" ''
+    #!/bin/ash
+    set -euo pipefail
+
+    mkdir -p /etc/sing-box
+    mkdir -p /var/lib/sing-box
+    cp /app/sing-box.json /etc/sing-box/config.json
+
+    echo "0 * * * * /app/update.sh" > /var/spool/cron/crontabs/root
+    /app/update.sh &
+    crond -f
+  '';
+  sing-box-update = pkgs.writeScript "singbox-update" ''
+    #!/bin/ash
+    set -euo pipefail
+
+    if [ $(pgrep "update.sh" | wc -l) -gt 2 ]; then
+        exit 0
+    fi
+    echo "Update proxy list..."
+    proxy-filter-cli -i ${proxy-list} -o outbounds.json --geoip ${geoip-db} -t ${filter-protocols} -c '${filter-countries}' -f sing-box
+    cp outbounds.json /etc/sing-box/outbound.json
+    echo "Update proxy list finished..."
+    if pgrep "sing-box"; then
+        echo "Stopping sing-box process..."
+        pkill -f sing-box
+    fi
+    echo "Starting sing-box process..."
+    sing-box -D /var/lib/sing-box -C /etc/sing-box run &
+  '';
+  singbox-config = pkgs.writeText "singbox-entrypoint" ''
+    {
+      "log": {
+        "level": "warn",
+        "timestamp": true
+      },
+      "dns": {
+        "strategy": "ipv4_only",
+        "disable_cache": true,
+        "disable_expire": true,
+        "servers": [{
+          "tag": "local-dns",
+          "type": "udp",
+          "server": "10.10.10.1"
+        }]
+      },
+      "inbounds": [{
+        "type": "mixed",
+        "tag": "mixed-in",
+        "domain_strategy": "ipv4_only",
+        "listen": "0.0.0.0",
+        "listen_port": 2080,
+        "tcp_fast_open": false
+      }],
+      "outbounds": [{
+        "type": "direct",
+        "tag": "direct-out"
+      }],
+      "route": {
+        "rules": [{
+          "action": "resolve",
+          "strategy": "prefer_ipv4"
+        }, {
+          "action": "sniff"
+        }, {
+          "protocol": "dns",
+          "action": "hijack-dns"
+        }, {
+          "outbound": "direct-out",
+          "ip_is_private": true
+        }],
+        "final": "urltest-out",
+        "auto_detect_interface": true
+      },
+      "experimental": {
+        "clash_api": {
+          "external_controller": "0.0.0.0:9090",
+          "external_ui": "ui",
+          "external_ui_download_url": "https://github.com/MetaCubeX/Yacd-meta/archive/gh-pages.zip",
+          "external_ui_download_detour": "direct-out"
+        },
+        "cache_file": {
+          "enabled": true
+        }
+      }
+    }
+  '';
+in
+{
+  options.ataraxia.containers.sing-box-filter = {
+    enable = mkEnableOption "Enable sing-box-filter container";
+  };
+
+  config = mkIf cfg.enable {
+    virtualisation.quadlet = {
+      builds.sing-box-filter = {
+        autoStart = true;
+        buildConfig = {
+          file = toString dockerfile;
+          tag = "sing-box-filter:latest";
+          # globalArgs = [ "--build-args=" ];
+        };
+      };
+      containers.sing-box-filter = {
+        autoStart = true;
+        containerConfig = {
+          image = config.virtualisation.quadlet.builds.sing-box-filter.ref;
+          networks = [ networks.br-services.ref ];
+          publishPorts = [
+            "0.0.0.0:2080:2080/tcp"
+            "0.0.0.0:2081:9090/tcp"
+          ];
+          volumes = [
+            "${entrypoint}:/app/entrypoint.sh:ro"
+            "${sing-box-update}:/app/update.sh:ro"
+            "${singbox-config}:/app/sing-box.json:ro"
+          ];
+        };
+      };
+    };
+    networking.firewall.allowedTCPPorts = [
+      2080
+      2081
+    ];
+  };
+}
--- a/modules/nixos/containers/tinyproxy.nix
+++ b/modules/nixos/containers/tinyproxy.nix
@ -2,6 +2,7 @@
  config,
  lib,
  secretsDir,
+  inputs,
  ...
 }:
 let
@ -31,6 +32,11 @@ in
      config =
        { pkgs, ... }:
        {
+          nixpkgs.overlays = [
+            (_final: _prev: {
+              sing-box = inputs.ataraxiasjel-nur.packages.${pkgs.hostPlatform.system}.sing-box-extended;
+            })
+          ];
          environment.systemPackages = with pkgs; [
            dnsutils
            kitty.terminfo
--- a/modules/nixos/containers/tor.nix
+++ b/modules/nixos/containers/tor.nix
@ -0,0 +1,74 @@
+{
+  config,
+  lib,
+  pkgs,
+  secretsDir,
+  ...
+}:
+let
+  inherit (lib) mkEnableOption mkIf;
+  inherit (config.virtualisation.quadlet) networks;
+
+  cfg = config.ataraxia.containers.tor;
+  dockerfile = pkgs.writeText "Dockerfile.tor" ''
+    FROM alpine:3
+
+    LABEL name="tor-socks-proxy"
+    LABEL version="latest"
+
+    RUN echo '@edge https://dl-cdn.alpinelinux.org/alpine/edge/community' >> /etc/apk/repositories && \
+        echo '@edge https://dl-cdn.alpinelinux.org/alpine/edge/testing'   >> /etc/apk/repositories && \
+        apk -U upgrade && \
+        apk -v add tor@edge lyrebird@edge curl && \
+        chmod 700 /var/lib/tor && \
+        rm -rf /var/cache/apk/* && \
+        tor --version
+
+    RUN echo -e "HardwareAccel 1\nLog notice stdout\nDNSPort 0.0.0.0:8853\nSocksPort 0.0.0.0:9150\nDataDirectory /var/lib/tor" > /etc/tor/torrc && \
+        chown tor:root /etc/tor/torrc
+
+    HEALTHCHECK --timeout=30s --start-period=60s \
+        CMD curl --fail --socks5-hostname localhost:9150 -I -L 'https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion' || exit 1
+
+    USER tor
+    EXPOSE 8853/udp 9150/tcp
+
+    CMD ["/usr/bin/tor", "-f", "/etc/tor/torrc"]
+  '';
+in
+{
+  options.ataraxia.containers.tor = {
+    enable = mkEnableOption "Enable tor client container";
+  };
+
+  config = mkIf cfg.enable {
+    sops.secrets.tor-container.sopsFile = secretsDir + /proxy.yaml;
+    sops.secrets.tor-container.mode = "0444";
+    virtualisation.quadlet = {
+      builds.tor-proxy = {
+        autoStart = true;
+        buildConfig = {
+          file = toString dockerfile;
+          tag = "tor-socks-proxy:latest";
+        };
+      };
+      containers.tor-proxy = {
+        autoStart = true;
+        containerConfig = {
+          exec = "sh -c 'cat /home/torrc-extra >> /etc/tor/torrc && /usr/bin/tor -f /etc/tor/torrc'";
+          image = config.virtualisation.quadlet.builds.tor-proxy.ref;
+          networks = [ networks.br-services.ref ];
+          publishPorts = [
+            "0.0.0.0:9150:9150/tcp"
+            "0.0.0.0:8853:8853/udp"
+          ];
+          volumes = [
+            "${config.sops.secrets.tor-container.path}:/home/torrc-extra:ro"
+          ];
+        };
+      };
+    };
+    networking.firewall.allowedTCPPorts = [ 9150 ];
+    networking.firewall.allowedUDPPorts = [ 8853 ];
+  };
+}
--- a/modules/nixos/persist/default.nix
+++ b/modules/nixos/persist/default.nix
@ -109,8 +109,7 @@ in
        "/var/cache"
      ];
      persist.state = {
-        directories =
-          [
+        directories = [
          "/var/lib/nixos"
          "/var/lib/systemd"
        ]
--- a/modules/nixos/services/tor.nix
+++ b/modules/nixos/services/tor.nix
@ -0,0 +1,36 @@
+{ config, lib, ... }:
+let
+  inherit (lib) mkEnableOption mkIf mkOption;
+  inherit (lib.types) int;
+
+  cfg = config.ataraxia.services.tor;
+in
+{
+  options.ataraxia.services.tor = {
+    enable = mkEnableOption "Enable tor service client";
+    enableRelay = mkEnableOption "Enable tor service bridge";
+    relayPort = mkOption {
+      type = int;
+      description = "Bridge listen port";
+    };
+  };
+
+  config = mkIf (cfg.enable || cfg.enableRelay) {
+    services.tor = {
+      enable = true;
+      client.enable = cfg.enable;
+      relay.enable = cfg.enableRelay;
+      relay.role = "private-bridge";
+      settings = mkIf cfg.enableRelay {
+        ContactInfo = "admin@ataraxiadev.com";
+        Nickname = config.networking.hostName;
+        ORPort = 42891;
+        ServerTransportListenAddr = "obfs4 0.0.0.0:${toString cfg.relayPort}";
+      };
+    };
+
+    networking.firewall.allowedTCPPorts = [ cfg.relayPort ];
+
+    persist.state.directories = [ "/var/lib/tor" ];
+  };
+}
--- a/modules/nixos/virtualisation/virtualisation.nix
+++ b/modules/nixos/virtualisation/virtualisation.nix
@ -24,6 +24,8 @@ in
  };

  config = mkIf (cfg.docker || cfg.libvirt || cfg.podman) {
+    boot.enableContainers = true;
+
    virtualisation = {
      oci-containers.backend = if (!cfg.podman && cfg.docker) then "docker" else "podman";
      docker = {
@ -38,6 +40,7 @@ in
      podman = {
        enable = cfg.podman;
        defaultNetwork.settings.dns_enabled = true;
+        dockerCompat = !config.virtualisation.docker.enable;
        dockerSocket.enable = !config.virtualisation.docker.enable;
      };
      containers.containersConf.settings = {
@ -98,8 +101,6 @@ in
      };
    };

-    boot.enableContainers = true;
-
    environment.systemPackages =
      [ ]
      ++ optionals cfg.docker [ pkgs.docker-compose ]
@ -116,8 +117,7 @@ in

    networking.firewall = {
      trustedInterfaces = mkIf cfg.libvirt [ "virbr0" ];
-      interfaces =
-        {
+      interfaces = {
        "podman*".allowedUDPPorts = mkIf cfg.podman [
          53
          5353
@ -138,18 +138,26 @@ in
      "/var/lib/libvirt"
      "/var/lib/containers"
    ];
+    persist.state.files = [
+      "/etc/subuid"
+      "/etc/subgid"
+    ];

    home-manager = mkIf useHomeManager {
      users.${defaultUser} = {
-        home.file.".config/containers/storage.conf".text = ''
+        home.file.".config/containers/storage.conf".text = mkIf cfg.podman ''
          [storage]
          driver = "overlay"
        '';
-        home.file.".config/libvirt/libvirt.conf".text = ''
+        home.file.".config/libvirt/libvirt.conf".text = mkIf cfg.libvirt ''
          uri_default = "qemu:///system"
        '';
-        persist.state.directories = [
+        persist.state.directories = mkIf cfg.podman [
          ".config/containers"
+          {
+            directory = ".local/share/containers";
+            method = "symlink";
+          }
        ];
      };
    };
--- a/overlays/default.nix
+++ b/overlays/default.nix
@ -34,9 +34,13 @@ in
  # nix-index-update = inputs.nix-alien.packages.${system}.nix-index-update;
  osu-lazer = unstable.osu-lazer;
  osu-lazer-bin = unstable.osu-lazer-bin;
-  # prismlauncher = inputs.prismlauncher.packages.${system}.prismlauncher.override {
-  #   jdks = [ final.temurin-bin ];
-  # };
+  prismlauncher = inputs.prismlauncher.packages.${system}.prismlauncher.override {
+    jdks = [
+      final.temurin-jre-bin
+      final.temurin-jre-bin-17
+    ];
+    textToSpeechSupport = false;
+  };
  proton-ge-bin = unstable.proton-ge-bin;
  xray = unstable.xray;
  # youtube-to-mpv = prev.callPackage ./packages/youtube-to-mpv.nix { term = config.defaultApplications.term.cmd; };
@ -45,51 +49,16 @@ in
  sing-box = final.sing-box-extended;
  wine = prev.wineWow64Packages.stagingFull;

-  # Patch spotify with spotx
-  spotify = prev.spotify.overrideAttrs (
-    oa:
-    let
-      spotx = prev.fetchurl {
-        url = "https://raw.githubusercontent.com/SpotX-Official/SpotX-Bash/b1de24ec4c23c45da373dcb64a44e372253a0c16/spotx.sh";
-        hash = "sha256-/p6cJKzaZzjcLJISFudstQjs+lPXnXx4f0vxKbF9Sqw=";
-      };
-    in
-    {
-      nativeBuildInputs =
-        oa.nativeBuildInputs
-        ++ (with prev; [
-          perl
-          unzip
-          util-linux
-          zip
-        ]);
-      postUnpack =
-        oa.postUnpack or ""
-        + ''
-          patchShebangs --build ${spotx}
-        '';
-      postInstall =
-        oa.postInstall or ""
-        + ''
-          bash ${spotx} -f -h -P "$out/share/spotify"
-        '';
-    }
-  );
-
  # Move modprobed config to subdir. Easier to use with impermanence
  modprobed-db = prev.modprobed-db.overrideAttrs (oa: {
    nativeBuildInputs = [ prev.makeWrapper ] ++ oa.nativeBuildInputs or [ ];
-    postPatch =
-      (oa.postPatch or "")
-      + ''
+    postPatch = (oa.postPatch or "") + ''
      substituteInPlace ./common/modprobed-db.in \
        --replace-fail "/modprobed-db.conf" "/modprobed-db/modprobed-db.conf"
      substituteInPlace ./common/modprobed-db.skel \
        --replace-fail "/.config" "/.config/modprobed-db"
    '';
-    postInstall =
-      (oa.postInstall or "")
-      + ''
+    postInstall = (oa.postInstall or "") + ''
      wrapProgram $out/bin/modprobed-db \
      --set PATH ${
        with final;
--- a/secrets/blueshift/nginx.yaml
+++ b/secrets/blueshift/nginx.yaml
--- a/secrets/proxy.yaml
+++ b/secrets/proxy.yaml
Author	SHA1	Message	Date
Dmitriy Kholkin	da0daa174e	feat: add env to fix in game resolution problems	2025-08-21 04:55:50 +03:00
Dmitriy Kholkin	cf0b119546	feat: add freerdp to andromedae	2025-08-21 04:55:18 +03:00
Dmitriy Kholkin	135feea842	feat: update proxy configurations	2025-08-21 04:41:33 +03:00
Dmitriy Kholkin	0cd3f8fc06	feat: add incus virtual host to orion	2025-08-21 04:41:22 +03:00
Dmitriy Kholkin	65c93ad729	feat: add tor and sing-box-filter containers to orion	2025-08-21 04:41:01 +03:00
Dmitriy Kholkin	89c66a6269	feat: use git version of walker	2025-08-21 04:39:24 +03:00
Dmitriy Kholkin	a507a226ba	feat: add custom sing-box container with proxy filtering	2025-08-21 04:39:10 +03:00
Dmitriy Kholkin	ed5e3d74be	feat: add custom tor quadlet with bridge connecting	2025-08-21 04:38:56 +03:00
Dmitriy Kholkin	6c71035586	style: nixfmt	2025-08-21 04:38:26 +03:00
Dmitriy Kholkin	be29f1c4fb	feat: add vesktop module for desktop hosts by default	2025-08-21 04:38:04 +03:00
Dmitriy Kholkin	8371bd9f7d	feat: add samba server to andromedae for windows vms	2025-08-21 04:36:30 +03:00
Dmitriy Kholkin	e26263fb2b	feat: use quadlet instead of oci on vps	2025-08-21 04:36:11 +03:00
Dmitriy Kholkin	3f7f608aba	host: install redshift on another vps	2025-08-21 04:35:42 +03:00
Dmitriy Kholkin	eca34bdee4	feat: enable docker on andromedae	2025-08-21 04:33:38 +03:00
Dmitriy Kholkin	f00ecb7c9b	feat: add umu-launcher on andromedae	2025-08-21 04:33:13 +03:00
Dmitriy Kholkin	9e641c97bf	fix: fix system build after upgrade	2025-08-21 04:31:32 +03:00
Dmitriy Kholkin	60bd3e9064	feat: add ntsync support for gaming hosts	2025-08-21 04:30:03 +03:00
Dmitriy Kholkin	e10bf8eac9	feat: use sing-box-extended fork on tinyproxy container	2025-08-21 04:29:18 +03:00
Dmitriy Kholkin	207fad0d9d	fix: fix virtualisation module	2025-08-21 04:27:33 +03:00
Dmitriy Kholkin	cc7d570681	fix: remove broken spotify patch	2025-08-21 04:25:55 +03:00
Dmitriy Kholkin	30487353cb	feat: add prismlauncher on andromedae	2025-08-21 04:25:27 +03:00
Dmitriy Kholkin	0822712332	feat: add tor relay to vps's	2025-08-21 04:23:33 +03:00
Dmitriy Kholkin	54e9c00fcf	feat: add lsfg-vk on andromedae	2025-08-21 04:21:56 +03:00
Dmitriy Kholkin	a0dc26d5ad	feat: use git version of hyprland	2025-08-21 04:19:46 +03:00
Dmitriy Kholkin	6a24a796ca	feat: upgrade, add hyprland, prismlauncher and lsfg-vk inputs	2025-08-21 04:18:26 +03:00