AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: AtaraxiaDev:3f4317383846c76f5584b3466685706959ce3a15
Branches Tags
AtaraxiaDev:dev
AtaraxiaDev:master
...
compare: AtaraxiaDev:f931ae40350c07711fe3570b56d913d3bba3dac8
Branches Tags
AtaraxiaDev:dev
AtaraxiaDev:master

69 Commits
3f43173838 ... f931ae4035

Author SHA1 Message Date
Dmitriy Kholkin
f931ae4035
chore: update readme 2025-06-07 22:33:55 +03:00
Dmitriy Kholkin
f88d20fc12
fix: blueshift and redshift hosts evaluation 2025-06-07 22:30:44 +03:00
Dmitriy Kholkin
cd456da0e6
fix: import dummy home-manager module to hosts without real home-manager 2025-06-07 22:21:25 +03:00
Dmitriy Kholkin
961bf3a7c5
feat: add geary module 2025-06-07 21:35:36 +03:00
Dmitriy Kholkin
d4c1fd085b
feat: add spotify with spotx patch applied 2025-06-07 21:34:48 +03:00
Dmitriy Kholkin
d698c9b7d7
feat: add telegram module 2025-06-07 21:33:52 +03:00
Dmitriy Kholkin
d6a67b16a2
feat: add thunderbird module 2025-06-07 21:33:28 +03:00
Dmitriy Kholkin
a5bedcc3cc
feat: add rofi module 2025-06-07 21:33:05 +03:00
Dmitriy Kholkin
30451c48cd
feat: add mangohud module 2025-06-07 21:32:45 +03:00
Dmitriy Kholkin
f46004e976
feat: add mpv module 2025-06-07 21:31:32 +03:00
Dmitriy Kholkin
e879182969
feat: add kitty module 2025-06-07 21:31:24 +03:00
Dmitriy Kholkin
a1d783e4c3
feat: add firefox module 2025-06-07 21:31:14 +03:00
Dmitriy Kholkin
afbbc1d007
feat: add aria2 module 2025-06-07 21:31:06 +03:00
Dmitriy Kholkin
31676ef0d8
feat: use proton-ge-bin from unstable channel 2025-06-07 21:30:36 +03:00
Dmitriy Kholkin
06ce4ca258
feat: add gvfs service by default 2025-06-07 21:29:52 +03:00
Dmitriy Kholkin
7542509985
fix: import lib.mkForce 2025-06-07 21:29:07 +03:00
Dmitriy Kholkin
2e34ea22d6
fix: fix build grub2 with argon2 patches 2025-06-07 21:28:42 +03:00
Dmitriy Kholkin
7653a8a3a3
feat: add module to install some packages by default 2025-06-07 21:14:15 +03:00
Dmitriy Kholkin
0d0a0b3f98
feat: add nnn module 2025-06-07 21:13:41 +03:00
Dmitriy Kholkin
57cd092fef
feat: add eza module 2025-06-07 21:13:15 +03:00
Dmitriy Kholkin
8dbf6d17d3
feat: add home-manager direnv module 2025-06-07 21:13:02 +03:00
Dmitriy Kholkin
7934e5194b
feat: add home-manager locale module 2025-06-07 21:12:51 +03:00
Dmitriy Kholkin
e42b0c96f7
feat: add git module 2025-06-07 21:12:34 +03:00
Dmitriy Kholkin
d4f31a9ca8
feat: add gnupg module 2025-06-07 21:12:13 +03:00
Dmitriy Kholkin
43d4b8ab04
feat: add corectrl module 2025-06-07 21:11:02 +03:00
Dmitriy Kholkin
d6ce0a7f61
feat: add steam module 2025-06-07 21:10:46 +03:00
Dmitriy Kholkin
4ba3b8f959
feat: add waybar and mako modules 2025-06-07 21:09:26 +03:00
Dmitriy Kholkin
4d94184b34
feat: add wayland and hyprland modules to nixos and home-manager 2025-06-07 21:06:41 +03:00
Dmitriy Kholkin
6845a71d87
feat: add vscode module 2025-06-07 21:02:24 +03:00
Dmitriy Kholkin
72ae6cb8e3
feat: add some packages to andromedae 2025-06-07 20:59:23 +03:00
Dmitriy Kholkin
0f6454d3af
feat: enable zsh by default with custom config 2025-06-07 18:28:49 +03:00
Dmitriy Kholkin
ba8fe76c1c
fix: remove lychee and typos git-hooks 2025-06-07 18:27:58 +03:00
Dmitriy Kholkin
4daf75938f
feat: add modprobed-db service 2025-06-07 18:15:44 +03:00
Dmitriy Kholkin
428980743c
feat: add catppuccin home module 2025-06-07 18:14:46 +03:00
Dmitriy Kholkin
7c0d62d2b1
feat: add defaultApplication and startupApplications options 2025-06-07 18:10:05 +03:00
Dmitriy Kholkin
fc2638152d
feat: add pass-secret-service and password-store modules 2025-06-07 18:08:27 +03:00
Dmitriy Kholkin
26d72ea190
feat: add theme and fonts modules to home-manager 2025-06-07 17:55:18 +03:00
Dmitriy Kholkin
4a6249fb1c
feat: add new exclusion rule to typos config 2025-06-07 17:54:53 +03:00
Dmitriy Kholkin
e77c94ffad
feat: some minor options by default 2025-06-07 17:50:08 +03:00
Dmitriy Kholkin
fc3a0fa9f4
fix: enable persist by default in home modules 2025-06-07 17:48:06 +03:00
Dmitriy Kholkin
7b357ce8cc
fix: fix impermanence module import in home persist module 2025-06-07 17:47:20 +03:00
Dmitriy Kholkin
db2a97023b
feat: add nix-index-database program 2025-06-07 17:46:05 +03:00
Dmitriy Kholkin
f7ca351f48
feat: add boot nixos module 2025-06-07 17:43:36 +03:00
Dmitriy Kholkin
e8445e20ad
fix: fix some module configs 2025-06-07 17:40:24 +03:00
Dmitriy Kholkin
1b90d0ff0f
feat: add networkmanager nixos module 2025-06-07 17:40:24 +03:00
Dmitriy Kholkin
250d76cf65
feat: add hardware nixos module 2025-06-07 17:40:24 +03:00
Dmitriy Kholkin
821628a598
feat: set zsh shell by default 2025-06-07 17:32:06 +03:00
Dmitriy Kholkin
2e3e941ac2
feat: add sound nixos and home modules 2025-06-07 17:31:28 +03:00
Dmitriy Kholkin
0442bf82ad
feat: add sing-box nixos module 2025-06-07 17:29:25 +03:00
Dmitriy Kholkin
4ce388747c
feat: remove ripsecrets git-hook 2025-06-07 17:28:41 +03:00
Dmitriy Kholkin
650444f329
feat: configure static ip with bridge on andromedae host 2025-06-07 17:21:28 +03:00
Dmitriy Kholkin
adda550db2
feat: split persist module onto nixos and home ones 2025-06-07 17:20:39 +03:00
Dmitriy Kholkin
1c7a94546d
feat: change module import method 2025-06-07 17:07:22 +03:00
Dmitriy Kholkin
da405d1155
feat: use unstable mesa on andromedae 2025-06-07 17:02:29 +03:00
Dmitriy Kholkin
ab8f980c8b
feat: add new host - andromedae 2025-06-07 16:58:34 +03:00
Dmitriy Kholkin
aaa6166233
feat: add some inputs 2025-06-07 16:55:42 +03:00
Dmitriy Kholkin
b1f086b2f8
fix: update sops-nix keys 2025-06-07 16:26:47 +03:00
Dmitriy Kholkin
0eb4dfa57f
fix: fix evaluation 2025-05-28 12:03:36 +03:00
Dmitriy Kholkin
82d82d00a4
feat: add new host 'blueshift' 2025-05-28 12:02:55 +03:00
Dmitriy Kholkin
1fa421ddb8
feat: switch to stable nixos 2025-05-28 12:02:08 +03:00
Dmitriy Kholkin
967a68d81f
feat: disable flake-checker 2025-05-28 12:00:47 +03:00
Dmitriy Kholkin
dd9984f3ef
feat: use git version of lix 2025-05-28 11:47:58 +03:00
Dmitriy Kholkin
7ad25623a5
fix: add fs mounpoints to hosts 2025-03-12 15:42:24 +03:00
Dmitriy Kholkin
33b9b3eea0
feat: disable default fonts for minimal profile 2025-03-12 15:41:35 +03:00
Dmitriy Kholkin
7a944e39c6
feat: enable zfs scrub by default 2025-03-12 15:41:19 +03:00
Dmitriy Kholkin
7d5c459e59
feat: filter out mounpoints from persistance list 2025-03-12 15:41:05 +03:00
Dmitriy Kholkin
07b12c6171
feat: implement rollback on boot for zfs 2025-03-12 14:28:40 +03:00
Dmitriy Kholkin
6af773f6e1
feat: enable cache clean by default 2025-03-12 14:17:01 +03:00
Dmitriy Kholkin
fef103bfae
feat: new host 'orion' 2025-03-12 14:11:59 +03:00
81 changed files with 6391 additions and 856 deletions
Show Stats Expand all files Collapse all files

16
.sops.yaml
View File

@ -1,12 +1,26 @@
keys: keys:
- &ataraxia age1n0prg9vynuwc56gn0xfe5qde8wqcd4uzg5ghhhetu2024ckvjyvqxf49el - &ataraxia age13phpsegg6vu7a34ydtfa9s904dfpgzqhzru7epnky7glezk0xvkst9qh6h
- &blueshift age186qkn94ck9lz0nmx57m37jwgwws5pgcs40q8d8uaetytz4gp6p9qlftp5x
- &andromedae age1kj70enq8ynqdnl04l5d0v43vcn0de0snn732wfxdxrgxhp72myeq93e9ts
- &redshift age1d4mqql020mpne9r3vtt4l9ywfzfq7zpa3mad33syxln2kldkjsxqgju90f - &redshift age1d4mqql020mpne9r3vtt4l9ywfzfq7zpa3mad33syxln2kldkjsxqgju90f
creation_rules: creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:
- age: - age:
- *ataraxia - *ataraxia
- *andromedae
- *blueshift
- *redshift - *redshift
- path_regex: secrets/andromedae/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *ataraxia
- *andromedae
- path_regex: secrets/blueshift/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *ataraxia
- *blueshift
- path_regex: secrets/redshift/[^/]+\.(yaml|json|env|ini)$ - path_regex: secrets/redshift/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:
- age: - age:

8
.typos.toml
View File

@ -1,8 +0,0 @@
[default]
extend-ignore-re = [
# Ignore `files = "";` declarations
"(?Rm)^\\s*files\\s*=.*;$"
]
[default.extend-words]
lazer = "lazer"

2
README.md
View File

@ -1,3 +1,3 @@
# NixOS configuration # NixOS configuration
WIP Rewrite of my old config. You can access old config in [master branch](https://github.com/AtaraxiaSjel/nixos-config/tree/master).

802
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

67
flake.nix
View File

@ -18,20 +18,21 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
nixpkgs-master.url = "github:nixos/nixpkgs/master"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
lite-config.url = "github:ataraxiasjel/lite-config/v0.8.0"; lite-config.url = "github:ataraxiasjel/lite-config/v0.10.0";
flake-registry = { flake-registry = {
url = "github:nixos/flake-registry"; url = "github:nixos/flake-registry";
flake = false; flake = false;
}; };
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
ataraxiasjel-nur.url = "github:AtaraxiaSjel/nur"; ataraxiasjel-nur.url = "github:AtaraxiaSjel/nur";
catppuccin.url = "github:catppuccin/nix";
deploy-rs = { deploy-rs = {
url = "github:serokell/deploy-rs"; url = "github:serokell/deploy-rs";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -41,9 +42,21 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
lix = {
url = "https://git.lix.systems/lix-project/lix/archive/main.tar.gz";
flake = false;
};
lix-module = { lix-module = {
# url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz"; url = "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz";
url = "github:ataraxiasjel/lix-nixos-module/2.92.0-1"; inputs.nixpkgs.follows = "nixpkgs";
inputs.lix.follows = "lix";
};
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-vscode-marketplace = {
url = "github:nix-community/nix-vscode-extensions";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
sops-nix = { sops-nix = {
@ -74,9 +87,11 @@
overlays = [ overlays = [
inputs.ataraxiasjel-nur.overlays.default inputs.ataraxiasjel-nur.overlays.default
inputs.ataraxiasjel-nur.overlays.grub2-unstable-argon2 inputs.ataraxiasjel-nur.overlays.grub2-unstable-argon2
inputs.nix-vscode-marketplace.overlays.default
(final: prev: (import ./overlays inputs) final prev) (final: prev: (import ./overlays inputs) final prev)
]; ];
}; };
importDummyHomeManager = true;
extraSpecialArgs = { extraSpecialArgs = {
flake-self = self; flake-self = self;
secretsDir = ./secrets; secretsDir = ./secrets;
@ -89,7 +104,21 @@
hostModuleDir = ./hosts; hostModuleDir = ./hosts;
hosts = { hosts = {
NixOS-VM.system = "x86_64-linux"; NixOS-VM.system = "x86_64-linux";
# home-workstation
andromedae = {
system = "x86_64-linux";
useHomeManager = true;
};
# home-hypervisor
orion = {
system = "x86_64-linux";
useHomeManager = false;
};
# VPS # VPS
blueshift = {
system = "x86_64-linux";
useHomeManager = false;
};
redshift = { redshift = {
system = "x86_64-linux"; system = "x86_64-linux";
useHomeManager = false; useHomeManager = false;
@ -115,7 +144,7 @@
enable = true; enable = true;
lsp.package = pkgs.nixd; lsp.package = pkgs.nixd;
}; };
pre-commit.hooks = git-hooks.hooks =
let let
default = { default = {
enable = true; enable = true;
@ -125,20 +154,9 @@
{ {
actionlint = default; actionlint = default;
deadnix = default; deadnix = default;
flake-checker = default; # flake-checker = default;
lychee = default // {
args = [
"--exclude-all-private"
"--exclude"
"^https://.*\\.backblazeb2\\.com"
"--exclude"
"^https://.*\\.ataraxiadev\\.com"
];
};
markdownlint = default; markdownlint = default;
nixfmt-rfc-style = default; nixfmt-rfc-style = default;
ripsecrets = default;
typos = default;
yamlfmt = default; yamlfmt = default;
yamllint = default // { yamllint = default // {
args = [ args = [
@ -191,6 +209,9 @@
} conf; } conf;
in in
builtins.mapAttrs mkDeploy { builtins.mapAttrs mkDeploy {
orion = {
hostname = "10.10.10.10";
};
redshift = { redshift = {
hostname = "104.164.54.197"; hostname = "104.164.54.197";
fastConnection = false; fastConnection = false;
@ -199,6 +220,14 @@
"32323" "32323"
]; ];
}; };
blueshift = {
hostname = "45.134.48.174";
fastConnection = false;
sshOpts = [
"-p"
"32323"
];
};
} }
); );
}; };

69
hosts/andromedae/boot.nix Normal file
View File

@ -0,0 +1,69 @@
{ lib, pkgs, ... }:
{
fileSystems."/" = lib.mkForce {
device = "none";
options = [
"defaults"
"size=4G"
"mode=755"
];
fsType = "tmpfs";
};
# initrd = {
# supportedFilesystems = [ "zfs" ];
# luks.devices = {
# "cryptroot" = {
# keyFile = "/keyfile0.bin";
# allowDiscards = true;
# bypassWorkqueues = true;
# };
# };
# secrets = {
# "keyfile0.bin" = "/etc/secrets/keyfile0.bin";
# };
# };
boot = {
zfs.package = pkgs.zfs_unstable;
loader = {
grub = {
enable = true;
device = "nodev";
copyKernels = true;
efiSupport = true;
enableCryptodisk = true;
useOSProber = false;
zfsSupport = true;
gfxmodeEfi = "2560x1440";
};
efi.efiSysMountPoint = "/efi";
efi.canTouchEfiVariables = true;
};
kernelParams = [
"pti=off"
"retbleed=off" # big performance impact
"spectre_v2=off"
];
kernel.sysctl = {
"kernel.split_lock_mitigate" = 0;
};
tmp.useTmpfs = true;
tmp.tmpfsSize = "100%";
tmp.tmpfsHugeMemoryPages = "within_size";
supportedFilesystems = [ "ntfs" ];
};
# AMD EPP P-State management
# powerManagement.cpuFreqGovernor = "powersave";
# services.auto-epp = {
# enable = true;
# settings.Settings.epp_state_for_BAT = "balance_performance";
# settings.Settings.epp_state_for_AC = "balance_performance";
# };
}

181
hosts/andromedae/default.nix Normal file
View File

@ -0,0 +1,181 @@
{
config,
pkgs,
lib,
inputs,
...
}:
let
inherit (lib) mkForce;
defaultUser = config.ataraxia.defaults.users.defaultUser;
in
{
imports = [
./hardware-configuration.nix
./boot.nix
inputs.catppuccin.nixosModules.catppuccin
];
catppuccin.enable = true;
catppuccin.accent = "mauve";
catppuccin.flavor = "mocha";
ataraxia.defaults.role = "desktop";
ataraxia.defaults.hardware.cpuVendor = "amd";
ataraxia.defaults.hardware.gpuVendor = "amd";
# Impermanence
ataraxia.filesystems.zfs.enable = true;
ataraxia.filesystems.zfs.eraseOnBoot.enable = true;
ataraxia.filesystems.zfs.eraseOnBoot.snapshots = [
"rpool/nixos/root@empty"
"rpool/user/home@empty"
];
ataraxia.filesystems.zfs.mountpoints = [
"/etc/secrets"
"/media/libvirt"
"/nix"
"/persist"
"/srv"
"/var/lib/ccache"
"/var/lib/containers"
"/var/lib/docker"
"/var/lib/libvirt"
"/var/lib/postgresql"
"/var/log"
"/vol"
];
ataraxia.networkd = {
enable = true;
ifname = "enp8s0";
mac = "60:45:cb:a0:15:11";
bridge.enable = true;
ipv4 = [
{
address = "10.10.10.100/24";
gateway = "10.10.10.1";
dns = [
"10.10.10.1"
"9.9.9.9"
];
}
];
};
# Home-manager
home-manager.users.${defaultUser} = {
ataraxia.defaults.role = "desktop";
ataraxia.programs.mangohud.enable = true;
ataraxia.services.modprobed-db.enable = true;
ataraxia.theme.catppuccin.enable = true;
wayland.windowManager.hyprland.settings = {
# TODO: Remove after flickering is fixed
# misc.vrr = lib.mkForce 0;
monitor = mkForce [
"DP-3,2560x1440@164.998993,0x0,1"
"HDMI-A-1,1920x1080@60,-1920x360,1"
",highres,auto,1"
];
exec-once = [
"${pkgs.xorg.xrandr}/bin/xrandr --output DP-3 --primary"
];
};
home.packages = with pkgs; [
devenv
nh
nix-diff
nix-update
nixfmt-rfc-style
nixos-anywhere
# anydesk
# arduino-ide
# dbeaver-bin
# dig.dnsutils
# distrobox
# exercism
# freerdp
# kdePackages.merkuro
# libsForQt5.ark
# libsForQt5.dolphin
# maa-cli
# mitmproxy
# mkvtoolnix
modprobed-db
# packwiz
# piper
# prismlauncher
# radeontop
# streamrip
# wayvnc
# winbox
# yt-archivist
];
persist.state.directories = [
".config/sops/age"
".config/WarThunder"
"nixos-config"
"projects"
];
home.stateVersion = "25.05";
};
# Services
services.postgresql.settings = {
full_page_writes = "off";
wal_init_zero = "off";
wal_recycle = "off";
};
ataraxia.programs.corectrl.enable = true;
ataraxia.programs.steam.enable = true;
ataraxia.vpn.sing-box.enable = true;
ataraxia.vpn.sing-box.config = "ataraxia-singbox";
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
};
# Mesa from unstable channel
hardware.graphics.package = pkgs.mesaUnstable;
hardware.graphics.package32 = pkgs.mesaUnstablei686;
programs.hyprland.package = pkgs.hyprlandUnstable;
programs.hyprland.portalPackage = pkgs.hyprlandPortalUnstable;
# Auto-mount lan nfs share
fileSystems = {
"/media/files" = {
fsType = "ntfs";
device = "/dev/disk/by-partuuid/15fa11a1-a6d8-4962-9c03-74b209d7c46a";
options = [
"nofail"
"uid=${toString config.users.users.${defaultUser}.uid}"
"gid=${toString config.users.groups.users.gid}"
];
};
"/media/win-sys" = {
fsType = "ntfs";
device = "/dev/disk/by-partuuid/4fba33e7-6b47-4e3b-b18b-882a58032673";
options = [
"nofail"
"uid=${toString config.users.users.${defaultUser}.uid}"
"gid=${toString config.users.groups.users.gid}"
];
};
"/media/local-nfs" = {
device = "10.10.10.11:/";
fsType = "nfs4";
options = [
"nfsvers=4.2"
"x-systemd.automount"
"noauto"
];
};
};
system.stateVersion = "25.05";
}

192
hosts/andromedae/hardware-configuration.nix Normal file
View File

@ -0,0 +1,192 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/home" = {
device = "rpool/user/home";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/persist" = {
device = "rpool/persistent/impermanence";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/srv" = {
device = "rpool/persistent/servers";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/etc/secrets" = {
device = "rpool/persistent/secrets";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/nix" = {
device = "rpool/persistent/nix";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/var/log" = {
device = "rpool/persistent/log";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/var/lib/docker" = {
device = "rpool/persistent/docker";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/var/lib/containers" = {
device = "rpool/persistent/containers";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/var/lib/nixos-containers" = {
device = "rpool/persistent/nixos-containers";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/var/lib/libvirt" = {
device = "rpool/persistent/libvirt";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/media/libvirt" = {
device = "rpool/persistent/libvirt-user";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/media/libvirt/images" = {
device = "rpool/persistent/libvirt-user/images";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/var/lib/ccache" = {
device = "rpool/persistent/ccache";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/var/lib/postgresql" = {
device = "rpool/persistent/postgresql";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/boot" = {
device = "bpool/nixos/boot";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/efi" = {
device = "/dev/disk/by-uuid/A556-CD19";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
swapDevices = [
{
device = "/dev/disk/by-partuuid/a42e17be-989d-4b26-b7a2-055e0068eb05";
randomEncryption.enable = true;
randomEncryption.allowDiscards = true;
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp8s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
networking.hostId = "ec5d10ad";
boot.zfs.devNodes = "/dev/disk/by-id";
boot.supportedFilesystems = [ "zfs" ];
}

78
hosts/blueshift/backups.nix Normal file
View File

@ -0,0 +1,78 @@
{
config,
lib,
inputs,
secretsDir,
...
}:
{
imports = [ inputs.ataraxiasjel-nur.nixosModules.rustic ];
sops.secrets.rustic-vps-pass.sopsFile = secretsDir + /rustic.yaml;
sops.secrets.rustic-backups-s3-env.sopsFile = secretsDir + /rustic.yaml;
services.rustic.backups =
let
label = "vps-containers";
in
rec {
vps-backup = {
backup = true;
prune = false;
initialize = false;
pruneOpts = [ "--repack-cacheable-only=false" ];
environmentFile = config.sops.secrets.rustic-backups-s3-env.path;
timerConfig = {
OnCalendar = "01:00";
Persistent = true;
};
settings = {
repository = {
repository = "opendal:s3";
password-file = config.sops.secrets.rustic-vps-pass.path;
options = {
root = label;
bucket = "ataraxia-rustic-backups";
region = "eu-central-003";
endpoint = "https://s3.eu-central-003.backblazeb2.com";
};
};
repository.options = {
timeout = "5min";
retry = "10";
};
backup = {
host = config.networking.hostName;
label = label;
ignore-devid = true;
group-by = "label";
skip-identical-parent = true;
snapshots = [
{
sources = [
"/var/lib/tailscale"
"/srv/marzban"
];
}
];
};
forget = {
filter-labels = [ label ];
group-by = "label";
prune = true;
keep-daily = 4;
keep-weekly = 2;
keep-monthly = 1;
};
};
};
vps-prune = lib.recursiveUpdate vps-backup {
backup = false;
prune = true;
createWrapper = false;
timerConfig = {
OnCalendar = "Mon, 02:00";
Persistent = true;
};
};
};
}

158
hosts/blueshift/default.nix Normal file
View File

@ -0,0 +1,158 @@
{
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
./backups.nix
./disk-config.nix
./services.nix
];
ataraxia.defaults.role = "server";
# Impermanence
ataraxia.filesystems.btrfs.enable = true;
ataraxia.filesystems.btrfs.eraseOnBoot.enable = true;
ataraxia.filesystems.btrfs.eraseOnBoot.device = "/dev/vda4";
ataraxia.filesystems.btrfs.eraseOnBoot.waitForDevice =
"sys-devices-pci0000:00-0000:00:06.0-virtio2-block-vda.device";
ataraxia.filesystems.btrfs.eraseOnBoot.eraseVolumes = [
{
vol = "rootfs";
blank = "rootfs-blank";
}
{
vol = "homefs";
blank = "homefs-blank";
}
];
ataraxia.filesystems.btrfs.mountpoints = [
"/home"
"/nix"
"/persist"
"/srv"
"/var/lib/containers"
"/var/lib/docker"
"/var/lib/libvirt"
"/var/lib/podman"
"/var/log"
];
ataraxia.defaults.ssh.ports = [ 32323 ];
ataraxia.networkd = {
enable = true;
disableIPv6 = true;
domain = "ro.ataraxiadev.com";
ifname = "enp0s3";
mac = "00:16:3e:e3:cd:40";
bridge.enable = true;
ipv4 = [
{
address = "45.134.48.174/24";
gateway = "45.134.48.1";
dns = [
"9.9.9.9"
"149.112.112.112"
];
}
];
};
services.qemuGuest.enable = lib.mkForce true;
# I don't want to specify all required kernel modules
# manually. For now at least
security.lockKernelModules = lib.mkForce false;
# scudo memalloc often borks everything
environment.memoryAllocator.provider = lib.mkForce "libc";
boot = {
initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"vfat"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
kernelModules = [ "kvm-intel" ];
kernelParams = [
"scsi_mod.use_blk_mq=1"
"kvm.ignore_msrs=1"
"kvm.report_ignored_msrs=0"
# Allow access to rescue mode with locked root user
# "rd.systemd.unit=rescue.target"
"systemd.setenv=SYSTEMD_SULOGIN_FORCE=1"
];
kernel.sysctl = {
# proxy tuning
"net.ipv4.tcp_congestion_control" = "bbr";
"net.ipv4.tcp_slow_start_after_idle" = 0;
"net.core.default_qdisc" = "cake";
"net.core.rmem_max" = 67108864;
"net.core.wmem_max" = 67108864;
"net.core.netdev_max_backlog" = 10000;
"net.core.somaxconn" = 4096;
"net.ipv4.tcp_syncookies" = 1;
"net.ipv4.tcp_tw_reuse" = 1;
"net.ipv4.tcp_fin_timeout" = 30;
"net.ipv4.tcp_keepalive_time" = 1200;
"net.ipv4.tcp_keepalive_probes" = 5;
"net.ipv4.tcp_keepalive_intvl" = 30;
"net.ipv4.tcp_max_syn_backlog" = 8192;
"net.ipv4.tcp_max_tw_buckets" = 5000;
"net.ipv4.tcp_fastopen" = 3;
"net.ipv4.tcp_mem" = "25600 51200 102400";
"net.ipv4.udp_mem" = "25600 51200 102400";
"net.ipv4.tcp_rmem" = "4096 87380 67108864";
"net.ipv4.tcp_wmem" = "4096 65536 67108864";
"net.ipv4.tcp_mtu_probing" = 1;
};
loader.grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
};
supportedFilesystems = [
"vfat"
"btrfs"
];
};
environment.systemPackages = with pkgs; [
bat
bottom
git
kitty.terminfo
micro
pwgen
rsync
];
services.fail2ban = {
enable = true;
maxretry = 3;
bantime = "2h";
bantime-increment = {
enable = true;
maxtime = "72h";
overalljails = true;
};
ignoreIP = [
"10.0.0.0/8"
"172.16.0.0/12"
"192.168.0.0/16"
];
jails = {
sshd.settings = {
backend = "systemd";
mode = "aggressive";
};
};
};
system.stateVersion = "24.11";
}

112
hosts/blueshift/disk-config.nix Normal file
View File

@ -0,0 +1,112 @@
{ inputs, ... }:
{
imports = [ inputs.disko.nixosModules.disko ];
disko.devices.disk.disk1 =
let
device = "/dev/vda";
defaultMountOpts = [
"compress=zstd"
"noatime"
"autodefrag"
"ssd"
];
in
{
inherit device;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
swap = {
name = "swap";
size = "1G";
content = {
type = "swap";
randomEncryption = true;
};
};
root = {
name = "root";
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
postCreateHook = ''
mount -t btrfs ${device}4 /mnt
btrfs subvolume snapshot -r /mnt/rootfs /mnt/snapshots/rootfs-blank
btrfs subvolume snapshot -r /mnt/homefs /mnt/snapshots/homefs-blank
btrfs subvolume snapshot -r /mnt/persist/docker /mnt/snapshots/docker-blank
btrfs subvolume snapshot -r /mnt/persist/podman /mnt/snapshots/podman-blank
btrfs subvolume snapshot -r /mnt/persist/containers /mnt/snapshots/containers-blank
btrfs subvolume snapshot -r /mnt/persist/libvirt /mnt/snapshots/libvirt-blank
btrfs subvolume snapshot -r /mnt/persist/log /mnt/snapshots/log-blank
btrfs subvolume snapshot -r /mnt/persist/impermanence /mnt/snapshots/impermanence-blank
btrfs subvolume snapshot -r /mnt/persist/srv /mnt/snapshots/srv-blank
umount /mnt
'';
subvolumes = {
"/snapshots" = { };
"/rootfs" = {
mountpoint = "/";
mountOptions = defaultMountOpts;
};
"/homefs" = {
mountpoint = "/home";
mountOptions = defaultMountOpts;
};
"/persist" = { };
"/persist/nix" = {
mountpoint = "/nix";
mountOptions = defaultMountOpts;
};
"/persist/srv" = {
mountpoint = "/srv";
mountOptions = defaultMountOpts;
};
"/persist/docker" = {
mountpoint = "/var/lib/docker";
mountOptions = defaultMountOpts;
};
"/persist/podman" = {
mountpoint = "/var/lib/podman";
mountOptions = defaultMountOpts;
};
"/persist/containers" = {
mountpoint = "/var/lib/containers";
mountOptions = defaultMountOpts;
};
"/persist/libvirt" = {
mountpoint = "/var/lib/libvirt";
mountOptions = defaultMountOpts;
};
"/persist/log" = {
mountpoint = "/var/log";
mountOptions = defaultMountOpts;
};
"/persist/impermanence" = {
mountpoint = "/persist";
mountOptions = defaultMountOpts;
};
};
};
};
};
};
};
}

83
hosts/blueshift/services.nix Normal file
View File

@ -0,0 +1,83 @@
{
config,
lib,
pkgs,
secretsDir,
...
}:
let
cert-key = config.sops.secrets."cert.key".path;
cert-pem = config.sops.secrets."cert.pem".path;
nginx-conf = config.sops.secrets."nginx.conf".path;
marzban-env = config.sops.secrets.marzban.path;
cfgOcis = config.services.ocis;
in
{
# Tailscale exit-node
services.tailscale = {
enable = true;
useRoutingFeatures = "both";
};
# Empty ocis in front
networking.firewall.allowedTCPPorts = [
80
443
];
services.ocis.enable = true;
services.ocis.url = "https://ro.ataraxiadev.com";
services.ocis.configDir = "/var/lib/ocis/config";
systemd.services.ocis.serviceConfig.ReadOnlyPaths = lib.mkForce [ ];
systemd.services.ocis.serviceConfig.ExecStartPre = pkgs.writeShellScript "ocis-init" ''
${lib.getExe cfgOcis.package} init --force-overwrite --insecure true --config-path ${config.services.ocis.configDir}
'';
# Marzban
sops.secrets =
let
nginx = {
sopsFile = secretsDir + /blueshift/nginx.yaml;
restartUnits = [ "podman-nginx.service" ];
};
marzban = {
format = "dotenv";
sopsFile = secretsDir + /blueshift/marzban.env;
restartUnits = [ "podman-marzban.service" ];
};
in
{
"cert.key" = nginx;
"cert.pem" = nginx;
"nginx.conf" = nginx;
inherit marzban;
};
virtualisation.oci-containers.containers = {
marzban = {
autoStart = true;
# Tags: v0.8.4
image = "ghcr.io/gozargah/marzban@sha256:8e422c21997e5d2e3fa231eeff73c0a19193c20fc02fa4958e9368abb9623b8d";
environmentFiles = [ marzban-env ];
extraOptions = [ "--network=host" ];
volumes = [
"/srv/marzban:/var/lib/marzban"
];
};
nginx = {
autoStart = true;
# Tags: mainline-alpine3.21, mainline-alpine, alpine3.21
image = "docker.io/nginx@sha256:e4efffc3236305ae53fb54e5cd76c9ccac0cebf7a23d436a8f91bce6402c2665";
extraOptions = [ "--network=host" ];
volumes = [
"${cert-key}:/etc/ssl/certs/cf-cert.key:ro"
"${cert-pem}:/etc/ssl/certs/cf-cert.pem:ro"
"${nginx-conf}:/etc/nginx/nginx.conf:ro"
];
};
};
systemd.tmpfiles.rules = [
"d ${cfgOcis.configDir} 0700 ${cfgOcis.user} ${cfgOcis.group} -"
"d /srv/marzban 0755 root root -"
];
}

26
hosts/orion/default.nix Normal file
View File

@ -0,0 +1,26 @@
{ ... }:
{
ataraxia.defaults.role = "server";
# Impermanence
ataraxia.filesystems.zfs.eraseOnBoot.enable = true;
ataraxia.filesystems.zfs.eraseOnBoot.snapshots = [
"rpool/nixos/root@blank"
"rpool/user/home@blank"
];
ataraxia.filesystems.zfs.mountpoints = [
"/etc/secrets"
"/media/bittorrent"
"/media/libvirt"
"/media/libvirt/images"
"/nix"
"/persist"
"/srv/home"
"/var/lib/docker"
"/var/lib/libvirt"
"/var/lib/nixos-containers"
"/var/lib/ocis"
"/var/lib/postgresql"
"/var/log"
"/vol"
];
}

5
hosts/redshift/backups.nix
View File

@ -12,10 +12,9 @@
sops.secrets.rustic-backups-s3-env.sopsFile = secretsDir + /rustic.yaml; sops.secrets.rustic-backups-s3-env.sopsFile = secretsDir + /rustic.yaml;
services.rustic.backups = services.rustic.backups =
let let
cfg = config.services.rustic.backups;
label = "vps-containers"; label = "vps-containers";
in in
{ rec {
vps-backup = { vps-backup = {
backup = true; backup = true;
prune = false; prune = false;
@ -66,7 +65,7 @@
}; };
}; };
}; };
vps-prune = lib.recursiveUpdate cfg.vps-backup { vps-prune = lib.recursiveUpdate vps-backup {
backup = false; backup = false;
prune = true; prune = true;
createWrapper = false; createWrapper = false;

61
hosts/redshift/default.nix
View File

@ -15,7 +15,6 @@
ataraxia.defaults.role = "server"; ataraxia.defaults.role = "server";
# Impermanence # Impermanence
persist.cache.clean.enable = true;
ataraxia.filesystems.btrfs.enable = true; ataraxia.filesystems.btrfs.enable = true;
ataraxia.filesystems.btrfs.eraseOnBoot.enable = true; ataraxia.filesystems.btrfs.eraseOnBoot.enable = true;
ataraxia.filesystems.btrfs.eraseOnBoot.device = "/dev/sda4"; ataraxia.filesystems.btrfs.eraseOnBoot.device = "/dev/sda4";
@ -31,23 +30,36 @@
blank = "homefs-blank"; blank = "homefs-blank";
} }
]; ];
ataraxia.filesystems.btrfs.mountpoints = [
"/home"
"/nix"
"/persist"
"/srv"
"/var/lib/containers"
"/var/lib/docker"
"/var/lib/libvirt"
"/var/lib/podman"
"/var/log"
];
ataraxia.defaults.ssh.ports = [ 32323 ]; ataraxia.defaults.ssh.ports = [ 32323 ];
ataraxia.network = { ataraxia.networkd = {
enable = true; enable = true;
enableIPv6 = false; disableIPv6 = true;
domain = "wg.ataraxiadev.com"; domain = "wg.ataraxiadev.com";
ifname = "enp0s18"; ifname = "enp0s18";
mac = "bc:24:11:99:d5:2f"; mac = "bc:24:11:99:d5:2f";
bridge.enable = true; bridge.enable = true;
ipv4 = { ipv4 = [
address = "104.164.54.197/24"; {
gateway = "104.164.54.1"; address = "104.164.54.197/24";
dns = [ gateway = "104.164.54.1";
"9.9.9.9" dns = [
"149.112.112.112" "9.9.9.9"
]; "149.112.112.112"
}; ];
}
];
}; };
services.qemuGuest.enable = lib.mkForce true; services.qemuGuest.enable = lib.mkForce true;
@ -77,11 +89,6 @@
"systemd.setenv=SYSTEMD_SULOGIN_FORCE=1" "systemd.setenv=SYSTEMD_SULOGIN_FORCE=1"
]; ];
kernel.sysctl = { kernel.sysctl = {
"vm.swappiness" = 50;
"vm.vfs_cache_pressure" = 200;
"vm.dirty_background_ratio" = 1;
"vm.dirty_ratio" = 40;
"vm.page-cluster" = 0;
# proxy tuning # proxy tuning
"net.ipv4.tcp_congestion_control" = "bbr"; "net.ipv4.tcp_congestion_control" = "bbr";
"net.ipv4.tcp_slow_start_after_idle" = 0; "net.ipv4.tcp_slow_start_after_idle" = 0;
@ -116,19 +123,15 @@
]; ];
}; };
environment.systemPackages = builtins.attrValues { environment.systemPackages = with pkgs; [
inherit (pkgs.kitty) terminfo; bat
inherit (pkgs) bottom
bat git
bottom micro
comma pwgen
git rsync
micro kitty.terminfo
nix-index ];
pwgen
rsync
;
};
services.fail2ban = { services.fail2ban = {
enable = true; enable = true;
maxretry = 3; maxretry = 3;

103
modules/home/applications/aria2.nix Normal file
View File

@ -0,0 +1,103 @@
{ config, lib, ... }:
let
inherit (lib) getExe mkEnableOption mkIf;
cfg = config.ataraxia.programs.aria2;
homeDir = config.home.homeDirectory;
username = config.home.username;
in
{
options.ataraxia.programs.aria2 = {
enable = mkEnableOption "Enable aria2 program";
};
config = mkIf cfg.enable {
programs.aria2 = {
enable = true;
settings = {
### Basic ###
dir = "${homeDir}/Downloads";
input-file = "${homeDir}/.config/aria2/aria2.session";
save-session = "${homeDir}/.config/aria2/aria2.session";
save-session-interval = 60;
max-concurrent-downloads = 5;
continue = true;
max-overall-download-limit = 0;
max-download-limit = 0;
quiet = true;
### Advanced ###
allow-overwrite = true;
allow-piece-length-change = true;
always-resume = true;
async-dns = false;
auto-file-renaming = true;
content-disposition-default-utf8 = true;
disk-cache = "64M";
file-allocation = "falloc";
no-file-allocation-limit = "64M";
# Set log level to output to console. LEVEL is either debug, info, notice, warn or error. Default: notice
console-log-level = "notice";
# Set log level to output. LEVEL is either debug, info, notice, warn or error. Default: debug
log-level = "warn";
log = "${homeDir}/.config/aria2/aria2.log";
### RPC ###
enable-rpc = true;
pause = false;
rpc-save-upload-metadata = true;
rpc-allow-origin-all = true;
rpc-listen-all = false;
rpc-listen-port = 49100;
# rpc-secret=
# The certificate must be either in PKCS12 (.p12, .pfx) or in PEM format. When using PEM, you have to specify the private key via --rpc-private-key as well.
# rpc-certificate=
# rpc-private-key=
rpc-secure = false;
### HTTP/FTP/SFTP ###
max-connection-per-server = 16;
min-split-size = "8M";
split = 32;
# user-agent = "Transmission/4.0.2";
### BitTorrent ###
# bt-save-metadata=false
listen-port = "49101-49109";
# max-overall-upload-limit=256K
# max-upload-limit=0
seed-ratio = 0.1;
seed-time = 0;
# bt-enable-lpd = false;
enable-dht = true;
enable-dht6 = true;
dht-listen-port = "49101-49109";
dht-entry-point = "dht.transmissionbt.com:6881";
dht-entry-point6 = "dht.transmissionbt.com:6881";
dht-file-path = "${homeDir}/.config/aria2/dht.dat";
dht-file-path6 = "${homeDir}/.config/aria2/dht6.dat";
enable-peer-exchange = true;
# peer-id-prefix = "-TR2770-";
peer-agent = "Transmission/4.0.2";
# bt-tracker = "";
};
};
systemd.user.services.aria2 = {
Unit.Description = "aria2 is a download utility operated in command-line";
Service = {
Restart = "on-failure";
ExecStart = getExe config.programs.aria2.package;
};
Install.WantedBy = [ "default.target" ];
};
systemd.user.tmpfiles.rules = [
"f ${homeDir}/.config/aria2/aria2.session 0644 ${username} users -"
"f ${homeDir}/.config/aria2/dht.dat 0644 ${username} users -"
"f ${homeDir}/.config/aria2/dht6.dat 0644 ${username} users -"
];
persist.state.directories = [ ".config/aria2" ];
};
}

17
modules/home/applications/direnv.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, ... }:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.programs.direnv;
in
{
options.ataraxia.programs.direnv = {
enable = mkEnableOption "Enable direnv program";
};
config = mkIf cfg.enable {
programs.direnv.enable = true;
programs.direnv.nix-direnv.enable = true;
persist.state.directories = [ ".local/share/direnv" ];
};
}

35
modules/home/applications/eza.nix Normal file
View File

@ -0,0 +1,35 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.programs.eza;
catpuccin-theme = pkgs.fetchurl {
url = "https://github.com/eza-community/eza-themes/raw/7465d04d9834f94b56943024354cf61d2e67efe4/themes/catppuccin.yml";
hash = "sha256-Db7QrlhhU7rZk2IVVfGGRS5JEue6itBzoa77pmKE7EI=";
};
in
{
options.ataraxia.programs.eza = {
enable = mkEnableOption "Enable eza program";
};
config = mkIf cfg.enable {
programs.eza = {
enable = true;
colors = "auto";
extraOptions = [
"--group-directories-first"
"--header"
];
git = true;
icons = "auto";
# TODO: change in catpuccin theme module, not here
theme = catpuccin-theme;
};
};
}

188
modules/home/applications/firefox.nix Normal file
View File

@ -0,0 +1,188 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
concatStrings
fileContents
getExe
mapAttrsToList
mkEnableOption
mkIf
;
inherit (config.theme) colors fonts;
cfg = config.ataraxia.programs.firefox;
homeDir = config.home.homeDirectory;
mkUserJs =
{
prefs ? { },
extraPrefs ? "",
}:
''
${extraPrefs}
${concatStrings (
mapAttrsToList (name: value: ''
user_pref("${name}", ${builtins.toJSON value});
'') prefs
)}
'';
finalPackage = config.programs.firefox.finalPackage;
firefox-kpoxa = pkgs.writeShellScriptBin "firefox-kpoxa" ''
${getExe finalPackage} -profile ${homeDir}/.mozilla/firefox/kpoxa
'';
username = config.home.username;
in
{
options.ataraxia.programs.firefox = {
enable = mkEnableOption "Enable firefox program";
};
config = mkIf cfg.enable {
dbus.packages = [ finalPackage ];
home.packages = [ firefox-kpoxa ];
home.sessionVariables = {
MOZ_USE_XINPUT2 = "1";
MOZ_DBUS_REMOTE = "1";
};
defaultApplications.browser = {
cmd = getExe finalPackage;
desktop = "firefox";
};
programs.firefox = {
enable = true;
package = pkgs.firefox.override {
# Mailvelope GnuPG integration
nativeMessagingHosts = [
(pkgs.writeTextDir "lib/mozilla/native-messaging-hosts/gpgmejson.json" ''
{
"name": "gpgmejson",
"description": "JavaScript binding for GnuPG",
"path": "${pkgs.gpgme.dev}/bin/gpgme-json",
"type": "stdio",
"allowed_extensions": ["jid1-AQqSMBYb0a8ADg@jetpack"]
}
'')
];
};
profiles = {
${username} = {
id = 0;
userChrome = ''
#TabsToolbar {
visibility: collapse;
}
toolbar#nav-bar, nav-bar-customization-target {
background: ${colors.color0} !important;
}
@-moz-document url("about:newtab") {
* { background-color: ${colors.color0} !important; }
}
'';
userContent = ''
.scroll-styled-h, .scroll-styled-v, html {
scrollbar-color: #495460 rgba(255, 255, 255, .0);
scrollbar-width: thin;
}
'';
extraConfig = mkUserJs {
prefs = {
"network.http.referer.XOriginPolicy" = 0;
"signon.rememberSignons" = false;
"browser.quitShortcut.disabled" = true;
"general.autoScroll" = true;
"extensions.pocket.enabled" = false;
"browser.startup.page" = 1;
"browser.startup.homepage" = "https://ataraxiadev.com";
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"browser.search.suggest.enabled" = true;
"ui.context_menus.after_mouseup" = true;
"font.name.monospace.x-western" = fonts.mono.family;
"font.name.sans-serif.x-western" = fonts.sans.family;
"font.name.serif.x-western" = fonts.serif.family;
"browser.display.background_color" = colors.color0;
"browser.display.foreground_color" = colors.color5;
"browser.anchor_color" = colors.color13;
"browser.visited_color" = colors.color12;
"browser.display.use_document_fonts" = true;
"pdfjs.disabled" = false;
"media.eme.enabled" = true;
"media.ffmpeg.vaapi.enabled" = true;
"experiments.activeExperiment" = false;
"experiments.enabled" = false;
"experiments.supported" = false;
"network.allow-experiments" = false;
"network.protocol-handler.external.element" = false;
};
extraPrefs = "${fileContents "${pkgs.arkenfox-userjs}/share/user.js/user.js"}";
};
};
kpoxa = {
id = 1;
userContent = ''
.scroll-styled-h, .scroll-styled-v, html {
scrollbar-color: #495460 rgba(255, 255, 255, .0);
scrollbar-width: thin;
}
'';
extraConfig = mkUserJs {
prefs = {
"network.http.referer.XOriginPolicy" = 0;
"signon.rememberSignons" = false;
"general.autoScroll" = true;
"extensions.pocket.enabled" = false;
"browser.startup.homepage" = "https://ataraxiadev.com";
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"browser.search.suggest.enabled" = true;
"browser.urlbar.suggest.searches" = true;
"ui.context_menus.after_mouseup" = true;
"keyword.enabled" = true;
"media.eme.enabled" = true;
"browser.startup.page" = 3;
"browser.sessionstore.privacy_level" = 0;
"privacy.clearOnShutdown.history" = false;
"privacy.clearOnShutdown.cookies" = false;
"privacy.cpd.history" = false;
"font.name.monospace.x-western" = fonts.mono.family;
"font.name.sans-serif.x-western" = fonts.sans.family;
"font.name.serif.x-western" = fonts.serif.family;
"browser.display.background_color" = colors.color0;
"browser.display.foreground_color" = colors.color5;
"browser.anchor_color" = colors.color13;
"browser.visited_color" = colors.color12;
"browser.display.use_document_fonts" = true;
"experiments.activeExperiment" = false;
"experiments.enabled" = false;
"experiments.supported" = false;
"network.allow-experiments" = false;
"network.protocol-handler.external.element" = false;
};
extraPrefs = "${fileContents "${pkgs.arkenfox-userjs}/share/user.js/user.js"}";
};
};
};
};
persist.state.directories = [
# ".mozilla/firefox/${username}"
# ".mozilla/firefox/kpoxa"
".mozilla/firefox"
];
};
}

57
modules/home/applications/games/mangohud.nix Normal file
View File

@ -0,0 +1,57 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.programs.mangohud;
in
{
options.ataraxia.programs.mangohud = {
enable = mkEnableOption "Enable mangohud program";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [ mangohud ];
xdg.configFile."MangoHud/MangoHud.conf".text = ''
fps_limit=60
toggle_fps_limit=F1
legacy_layout=false
gpu_stats
gpu_temp
gpu_text=GPU
cpu_stats
cpu_temp
cpu_color=2e97cb
cpu_text=CPU
io_color=a491d3
vram
vram_color=ad64c1
ram
ram_color=c26693
fps
engine_version
engine_color=eb5b5b
gpu_color=2e9762
wine
wine_color=eb5b5b
frame_timing=1
frametime_color=00ff00
resolution
vkbasalt
media_player_color=ffffff
time
background_alpha=0.4
font_size=24
background_color=020202
position=top-left
text_color=ffffff
toggle_hud=Shift_R+F12
toggle_logging=Shift_L+F2
output_folder=${config.home.homeDirectory}
media_player_name=spotify
'';
};
}

33
modules/home/applications/geary.nix Normal file
View File

@ -0,0 +1,33 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.programs.geary;
in
{
options.ataraxia.programs.geary = {
enable = mkEnableOption "Enable geary program";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [ geary ];
defaultApplications.mail = {
cmd = "${pkgs.geary}/bin/geary";
desktop = "geary";
};
startupApplications = [
config.defaultApplications.mail.cmd
];
persist.state.directories = [
".config/geary"
".local/share/geary"
];
};
}

80
modules/home/applications/kitty.nix Normal file
View File

@ -0,0 +1,80 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.programs.kitty;
inherit (config.theme) colors fonts;
in
{
options.ataraxia.programs.kitty = {
enable = mkEnableOption "Enable kitty program";
};
config = mkIf cfg.enable {
defaultApplications.term = {
cmd = "${pkgs.kitty}/bin/kitty";
desktop = "kitty";
};
programs.kitty = {
enable = true;
# font.package = ;
font.name = fonts.mono.family;
font.size = fonts.size.small;
settings = {
background = "#${colors.color0}";
foreground = "#${colors.color5}";
selection_background = "#${colors.color5}";
selection_foreground = "#${colors.color0}";
url_color = "#${colors.color4}";
cursor = "#${colors.color5}";
cursor_text_color = "#${colors.color0}";
active_border_color = "#${colors.color3}";
inactive_border_color = "#${colors.color1}";
active_tab_background = "#${colors.color0}";
active_tab_foreground = "#${colors.color5}";
inactive_tab_background = "#${colors.color1}";
inactive_tab_foreground = "#${colors.color4}";
tab_bar_background = "#${colors.color1}";
wayland_titlebar_color = "#${colors.color0}";
macos_titlebar_color = "#${colors.color0}";
# normal
color = "#${colors.color0}";
color1 = "#${colors.color8}";
color2 = "#${colors.color11}";
color3 = "#${colors.color10}";
color4 = "#${colors.color13}";
color5 = "#${colors.color14}";
color6 = "#${colors.color12}";
color7 = "#${colors.color5}";
# bright
color8 = "#${colors.color3}";
color9 = "#${colors.color8}";
color10 = "#${colors.color11}";
color11 = "#${colors.color10}";
color12 = "#${colors.color13}";
color13 = "#${colors.color14}";
color14 = "#${colors.color12}";
color15 = "#${colors.color7}";
# extended base16 colors
color16 = "#${colors.color9}";
color17 = "#${colors.color15}";
color18 = "#${colors.color1}";
color19 = "#${colors.color2}";
color20 = "#${colors.color4}";
color21 = "#${colors.color6}";
enable_audio_bell = false;
confirm_os_window_close = 0;
};
};
};
}

39
modules/home/applications/mpv.nix Normal file
View File

@ -0,0 +1,39 @@
{
config,
lib,
osConfig ? null,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.programs.mpv;
gpu = if (osConfig != null) then osConfig.ataraxia.defaults.hardware.gpuVendor else null;
in
{
options.ataraxia.programs.mpv = {
enable = mkEnableOption "Enable mpv program";
};
config = mkIf cfg.enable {
programs.mpv = {
enable = true;
config = {
vo = "gpu-next";
gpu-context = "wayland";
save-position-on-quit = "yes";
hwdec = if gpu == "nvidia" then "vdpau" else "vaapi";
};
};
defaultApplications.media-player = {
cmd = "${config.programs.mpv.package}/bin/mpv";
desktop = "mpv";
};
persist.state.directories = [
".config/mpv"
];
};
}

38
modules/home/applications/nnn.nix Normal file
View File

@ -0,0 +1,38 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.programs.nnn;
in
{
options.ataraxia.programs.nnn = {
enable = mkEnableOption "Enable nnn program";
};
config = mkIf cfg.enable {
programs.nnn = {
enable = true;
package = pkgs.nnn.override { withNerdIcons = true; };
# extraPackages = with pkgs; [ ffmpegthumbnailer mediainfo sxiv ];
# bookmarks = {
# d = "~/Documents";
# D = "~/Downloads";
# p = "~/Pictures";
# v = "~/Videos";
# };
# plugins = { };
};
programs.zsh.shellAliases = {
"n" = "nnn -deHE";
};
persist.state.directories = [
".config/nnn"
];
};
}

71
modules/home/applications/packages.nix Normal file
View File

@ -0,0 +1,71 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) getExe mkEnableOption mkIf;
cfg = config.ataraxia.programs.default;
thunarFinal =
with pkgs.xfce;
(thunar.override {
thunarPlugins = [
thunar-archive-plugin
thunar-media-tags-plugin
];
});
in
{
options.ataraxia.programs.default = {
enable = mkEnableOption "Install some program by default";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
bat
bottom
fd
libqalculate
p7zip
pinfo
qalculate-gtk
qbittorrent
qimgv
ripgrep
rsync
thunarFinal
tldr
translate-shell
unrar
];
persist.state.directories = [
".config/qalculate"
".config/qBittorrent"
".config/qimgv"
".config/Thunar"
".config/xarchiver"
];
defaultApplications = {
archive = {
cmd = getExe pkgs.xarchiver;
desktop = "xarchiver";
};
fm = {
cmd = "${thunarFinal}/bin/thunar";
desktop = "thunar";
};
image = {
cmd = getExe pkgs.qimgv;
desktop = "qimgv";
};
torrent = {
cmd = getExe pkgs.qbittorrent;
desktop = "qbittorrent";
};
};
};
}

31
modules/home/applications/rofi.nix Normal file
View File

@ -0,0 +1,31 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) getExe mkEnableOption mkIf;
inherit (config.theme) fonts;
cfg = config.ataraxia.programs.rofi;
in
{
options.ataraxia.programs.rofi = {
enable = mkEnableOption "Enable rofi program";
};
config = mkIf cfg.enable {
defaultApplications.dmenu = {
cmd = "${getExe config.programs.rofi.package} -show run";
desktop = "rofi";
};
programs.rofi = {
enable = true;
package = pkgs.rofi-wayland;
font = "${fonts.mono.family} ${toString fonts.size.big}";
terminal = config.defaultApplications.term.cmd;
# theme = "${themeFile}";
};
};
}

34
modules/home/applications/spotify.nix Normal file
View File

@ -0,0 +1,34 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) getExe mkEnableOption mkIf;
cfg = config.ataraxia.programs.spotify;
in
{
options.ataraxia.programs.spotify = {
enable = mkEnableOption "Enable spotify program";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
spotifywm
];
defaultApplications.spotify = {
cmd = getExe pkgs.spotifywm;
desktop = "spotify";
};
startupApplications = [
config.defaultApplications.spotify.cmd
];
persist.state.directories = [
".config/spotify"
];
};
}

34
modules/home/applications/telegram.nix Normal file
View File

@ -0,0 +1,34 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) getExe mkEnableOption mkIf;
cfg = config.ataraxia.programs.telegram;
in
{
options.ataraxia.programs.telegram = {
enable = mkEnableOption "Enable telegram program";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
telegram-desktop
];
defaultApplications.messenger = {
cmd = getExe pkgs.telegram-desktop;
desktop = "telegram-desktop";
};
startupApplications = with config.defaultApplications; [
messenger.cmd
];
persist.state.directories = [
".local/share/TelegramDesktop"
];
};
}

38
modules/home/applications/thunderbird.nix Normal file
View File

@ -0,0 +1,38 @@
{
config,
lib,
...
}:
let
inherit (lib) getExe mkEnableOption mkIf;
cfg = config.ataraxia.programs.thunderbird;
username = config.home.username;
in
{
options.ataraxia.programs.thunderbird = {
enable = mkEnableOption "Enable thunderbird program";
};
config = mkIf cfg.enable {
programs.thunderbird = {
enable = true;
profiles.${username} = {
isDefault = true;
withExternalGnupg = true;
};
};
defaultApplications.mail = {
cmd = getExe config.programs.thunderbird.package;
desktop = "thunderbird";
};
startupApplications = [
config.defaultApplications.mail.cmd
];
persist.state.directories = [
".thunderbird/${username}"
];
};
}

170
modules/home/applications/vscode.nix Normal file
View File

@ -0,0 +1,170 @@
{
config,
pkgs,
lib,
...
}:
let
inherit (lib) getExe mkEnableOption mkIf;
inherit (config.theme) fonts;
cfg = config.ataraxia.programs.vscode;
EDITOR = pkgs.writeShellScript "code-editor" ''
source "${config.home.profileDirectory}/etc/profile.d/hm-session-vars.sh"
NIXOS_OZONE_WL=1 \
exec \
${getExe config.programs.vscode.package} \
--password-store="gnome-libsecret" \
-w -n \
"$@"
'';
in
{
options.ataraxia.programs.vscode = {
enable = mkEnableOption "Enable vscode program";
};
config = mkIf cfg.enable {
defaultApplications.editor = {
cmd = EDITOR;
desktop = "code-wayland";
};
home.sessionVariables = {
EDITOR = config.defaultApplications.editor.cmd;
VISUAL = config.defaultApplications.editor.cmd;
};
programs.vscode = {
enable = true;
package = pkgs.vscode;
profiles.default = {
enableExtensionUpdateCheck = false;
enableUpdateCheck = false;
extensions =
let
ext-market = pkgs.nix-vscode-extensions.vscode-marketplace;
ext-nixpkgs = pkgs.vscode-extensions;
in
with ext-market;
[
aaron-bond.better-comments
catppuccin.catppuccin-vsc-icons
christian-kohler.path-intellisense
codezombiech.gitignore
eamodio.gitlens
enkia.tokyo-night
fill-labs.dependi
github.vscode-github-actions
github.vscode-pull-request-github
gruntfuggly.todo-tree
irongeek.vscode-env
jebbs.plantuml
jnoortheen.nix-ide
mhutchie.git-graph
mkhl.direnv
ms-azuretools.vscode-docker
ms-python.isort
ms-python.python
ms-python.vscode-pylance
ms-vscode-remote.remote-containers
ms-vscode-remote.remote-ssh
ms-vscode.cpptools
ms-vscode.hexeditor
pkief.material-icon-theme
tamasfe.even-better-toml
ultram4rine.vscode-choosealicense
usernamehw.errorlens
yzhang.markdown-all-in-one
# Rust
jscearcy.rust-doc-viewer
polypus74.trusty-rusty-snippets
rust-lang.rust-analyzer
ext-nixpkgs.vadimcn.vscode-lldb
];
# mutableExtensionsDir = false;
userSettings = {
"editor.fontFamily" = fonts.mono.family;
"editor.fontLigatures" = true;
"editor.fontSize" = 16;
"editor.guides.bracketPairs" = "active";
"editor.quickSuggestions" = {
"other" = true;
"comments" = false;
"strings" = true;
};
"files.autoSave" = "afterDelay";
"files.exclude" = {
"**/.classpath" = true;
"**/.devenv" = true;
"**/.direnv" = true;
"**/.factorypath" = true;
"**/.project" = true;
"**/.settings" = true;
};
"files.trimTrailingWhitespace" = true;
"files.watcherExclude" = {
"**/.devenv" = true;
"**/.direnv" = true;
};
"git-graph.repository.sign.commits" = true;
"git-graph.repository.sign.tags" = true;
"git.autofetch" = false;
"git.enableCommitSigning" = true;
"license.author" = "Dmitriy <ataraxiadev@ataraxiadev.com>";
"license.default" = "mit";
"license.extension" = ".md";
"license.year" = "auto";
"nix.enableLanguageServer" = true;
"nix.formatterPath" = getExe pkgs.nixfmt-rfc-style;
# "nix.serverPath" = getExe pkgs.nil;
"nix.serverPath" = getExe pkgs.nixd;
"nix.serverSettings" = {
"nil" = {
"formatting" = {
"command" = [ (getExe pkgs.nixfmt-rfc-style) ];
};
};
"nixd" = {
"formatting" = {
"command" = [
(getExe pkgs.nixfmt-rfc-style)
];
};
};
};
"rust-analyzer.check.command" = "clippy";
"search.exclude" = {
"**/.devenv" = true;
"**/.direnv" = true;
};
"security.workspace.trust.untrustedFiles" = "open";
"telemetry.telemetryLevel" = "off";
"terminal.integrated.defaultProfile.linux" = "zsh";
"terminal.integrated.fontFamily" = fonts.mono.family;
"terminal.integrated.fontWeight" = "500";
"terminal.integrated.profiles.linux".zsh.path = "/run/current-system/sw/bin/zsh";
"terminal.integrated.scrollback" = 100000;
"todo-tree.regex.regex" = "(//|#|<!--|;|/\\*|^|^[ \\t]*(-|\\d+.))\\s*($TAGS)|todo!";
"update.mode" = "none";
"window.menuBarVisibility" = "toggle";
"window.titleBarStyle" = "custom";
"workbench.colorTheme" = lib.mkDefault "Tokyo Night";
"workbench.iconTheme" = lib.mkDefault "material-icon-theme";
"[nix]" = {
"editor.tabSize" = 2;
"editor.detectIndentation" = true;
};
"[rust]" = {
"editor.defaultFormatter" = "rust-lang.rust-analyzer";
"editor.formatOnSave" = true;
};
};
};
};
persist.state.directories = [
".config/Code"
];
};
}

67
modules/home/default.nix
View File

@ -1,11 +1,68 @@
{ lib, ... }: { lib, ... }:
let let
inherit (lib) filterAttrs; inherit (builtins)
inherit (builtins) attrNames readDir; attrValues
moduleDirs = concatLists
mapAttrs
readDir
;
inherit (lib) hasSuffix mkOption remove;
inherit (lib.types)
attrsOf
listOf
path
str
submodule
;
filterRoot = remove (./. + "/default.nix");
findModules =
dir: dir:
map (name: dir + "/${name}") (attrNames (filterAttrs (_: type: type == "directory") (readDir dir))); concatLists (
attrValues (
mapAttrs (
name: type:
if type == "directory" then
if (readDir (dir + "/${name}")) ? "default.nix" then
[
(dir + "/${name}")
]
else
findModules (dir + "/${name}")
else if (type == "regular" && (hasSuffix ".nix" name)) then
[
(dir + "/${name}")
]
else
[ ]
) (readDir dir)
)
);
in in
{ {
imports = moduleDirs ./.; imports = filterRoot (findModules ./.);
options = {
defaultApplications = mkOption {
default = { };
type = attrsOf (
submodule (
{ ... }:
{
options = {
cmd = mkOption { type = path; };
desktop = mkOption { type = str; };
};
}
)
);
description = "Preferred applications";
};
startupApplications = mkOption {
type = listOf str;
description = "Applications to run on startup";
};
};
} }

26
modules/home/hardware/sound.nix Normal file
View File

@ -0,0 +1,26 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.defaults.sound;
in
{
options.ataraxia.defaults.sound = {
enable = mkEnableOption "Default sound settings";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
pavucontrol
pulseaudio
];
services.easyeffects.enable = true;
persist.state.directories = [ ".local/state/wireplumber" ];
};
}

26
modules/home/locale/default.nix Normal file
View File

@ -0,0 +1,26 @@
{ config, lib, ... }:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.defaults.locale;
dk = "en_DK.UTF-8";
ie = "en_IE.UTF-8";
ru = "ru_RU.UTF-8";
in
{
options.ataraxia.defaults.locale = {
enable = mkEnableOption "Default locale settings";
};
config = mkIf cfg.enable {
home.language = {
base = ie;
address = ru;
monetary = ru;
numeric = ru;
paper = ru;
telephone = ru;
time = dk;
};
};
}

83
modules/home/persist/default.nix
View File

@ -1,19 +1,28 @@
{ {
config, config,
lib, lib,
pkgs,
inputs,
... ...
}: }:
let let
inherit (lib) inherit (lib)
escapeShellArg
mkEnableOption mkEnableOption
mkIf mkIf
mkOption mkOption
recursiveUpdate recursiveUpdate
; ;
inherit (lib.types) listOf path str; inherit (lib.types) listOf path str;
inherit (builtins) concatMap;
cfg = config.persist; cfg = config.persist;
username = config.home.username;
homeDir = config.home.homeDirectory;
absoluteHomePath = map (x: "${homeDir}/${x}");
in in
{ {
imports = [ inputs.impermanence.homeManagerModules.impermanence ];
options = options =
let let
common = { common = {
@ -32,7 +41,7 @@ in
enable = mkEnableOption "A tmpfs root with explicit opt-in state"; enable = mkEnableOption "A tmpfs root with explicit opt-in state";
persistRoot = mkOption { persistRoot = mkOption {
type = path; type = path;
default = "/persist"; default = "/persist${config.home.homeDirectory}";
}; };
# Stuff that matters # Stuff that matters
# TODO backups # TODO backups
@ -53,11 +62,71 @@ in
}; };
}; };
config = mkIf cfg.enable { # TODO: filter persist paths like in nixos module
# Persist by default config =
persist.cache.directories = [ ".cache" ]; let
persist.state = { takeAll = what: concatMap (x: x.${what});
directories = [ ".local/share/nix" ]; persists = with cfg; [
state
cache
];
allFiles = takeAll "files" persists;
allDirs = takeAll "directories" persists;
in
mkIf cfg.enable {
home.persistence.${cfg.persistRoot} = {
allowOther = true;
directories = allDirs;
files = allFiles;
};
# Persist by default
persist.cache.directories = [ ".cache" ];
persist.state = {
directories = [
"Downloads"
"Documents"
"Music"
"Pictures"
"Videos"
".config/dconf"
".local/share/nix"
".ssh"
# { directory = ".ssh"; mode = "0700"; }
];
};
systemd.user = mkIf cfg.cache.clean.enable {
services."persist-cache-cleanup-${username}" = {
Unit = {
Description = "Cleaning up cache files and directories for user ${username}";
Wants = [ "modprobed-db.timer" ];
};
Service = {
ExecStart = pkgs.writeShellScript "" ''
${builtins.concatStringsSep "\n" (
map (x: "rm ${escapeShellArg x}") (absoluteHomePath cfg.cache.files)
)}
${builtins.concatStringsSep "\n" (
map (x: "rm -rf ${escapeShellArg x}") (absoluteHomePath cfg.cache.directories)
)}
'';
Type = "simple";
};
Install.WantedBy = [ "default.target" ];
};
timers."persist-cache-cleanup-${username}" = {
Unit = {
Description = "Run persist-cache-cleanup-${username} service by set schedule";
PartOf = [ "persist-cache-cleanup-${username}.service" ];
};
Timer = {
Persistent = true;
OnCalendar = cfg.cache.clean.dates;
};
Install.WantedBy = [ "timers.target" ];
};
};
}; };
};
} }

101
modules/home/roles/default.nix Normal file
View File

@ -0,0 +1,101 @@
{
config,
lib,
inputs,
...
}:
let
inherit (lib)
mkDefault
mkIf
mkMerge
mkOption
recursiveUpdate
types
;
inherit (lib.hm.dag) entryAfter;
role = config.ataraxia.defaults.role;
in
{
options.ataraxia.defaults = {
role = mkOption {
type = types.enum [
"none"
"base"
"server"
"desktop"
];
default = "none";
};
};
imports = [
inputs.nix-index-database.hmModules.nix-index
];
config =
let
baseRole = {
ataraxia.defaults.git.enable = mkDefault true;
ataraxia.defaults.gpg.enable = mkDefault true;
ataraxia.defaults.locale.enable = mkDefault true;
ataraxia.defaults.zsh.enable = mkDefault true;
ataraxia.programs.direnv.enable = mkDefault true;
ataraxia.programs.eza.enable = mkDefault true;
ataraxia.programs.nnn.enable = mkDefault true;
ataraxia.security.pass-secret-service.enable = mkDefault true;
ataraxia.security.password-store.enable = mkDefault true;
programs.nix-index.enable = mkDefault true;
programs.nix-index-database.comma.enable = mkDefault true;
home.activation = {
remove-nix-legacy = entryAfter [ "writeBoundary" ] ''
rm -rf ${config.home.homeDirectory}/.nix-defexpr
unlink ${config.home.homeDirectory}/.nix-profile
'';
};
news.display = "silent";
persist.enable = mkDefault true;
persist.cache.clean.enable = mkDefault true;
# Cargo cache
home.sessionVariables = {
CARGO_HOME = mkDefault "${config.xdg.dataHome}/cargo";
};
persist.cache.directories = [
".local/share/cargo"
];
xdg.configFile."nixpkgs/config.nix".text = mkDefault ''
{ allowUnfree = true; android_sdk.accept_license = true; }
'';
};
serverRole = recursiveUpdate baseRole { };
desktopRole = recursiveUpdate baseRole {
ataraxia.defaults.fonts.enable = mkDefault true;
ataraxia.defaults.sound.enable = mkDefault true;
ataraxia.programs.aria2.enable = mkDefault true;
ataraxia.programs.default.enable = mkDefault true;
ataraxia.programs.firefox.enable = mkDefault true;
ataraxia.programs.kitty.enable = mkDefault true;
ataraxia.programs.mpv.enable = mkDefault true;
ataraxia.programs.rofi.enable = mkDefault true;
ataraxia.programs.spotify.enable = mkDefault true;
ataraxia.programs.telegram.enable = mkDefault true;
ataraxia.programs.thunderbird.enable = mkDefault true;
ataraxia.programs.vscode.enable = mkDefault true;
ataraxia.wayland.enable = mkDefault true;
ataraxia.wayland.hyprland.enable = mkDefault true;
ataraxia.wayland.mako.enable = mkDefault true;
ataraxia.wayland.waybar.enable = mkDefault true;
};
in
mkMerge [
(mkIf (role == "base") baseRole)
(mkIf (role == "server") serverRole)
(mkIf (role == "desktop") desktopRole)
];
}

34
modules/home/security/pass-secret-service.nix Normal file
View File

@ -0,0 +1,34 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.security.pass-secret-service;
in
{
options.ataraxia.security.pass-secret-service = {
enable = mkEnableOption "Whether to enable pass-secret-service";
};
config = mkIf cfg.enable {
home.packages = [ pkgs.pass-secret-service ];
dbus.packages = [ pkgs.pass-secret-service ];
xdg.portal.extraPortals = [ pkgs.pass-secret-service ];
services.pass-secret-service.enable = true;
systemd.user.services.pass-secret-service = {
Service.Environment = [
"GPG_TTY=/dev/tty1"
"DISPLAY=:0"
];
Unit = rec {
Wants = [ "gpg-agent.service" ];
After = Wants;
PartOf = [ "graphical-session-pre.target" ];
};
};
};
}

67
modules/home/security/password-store.nix Normal file
View File

@ -0,0 +1,67 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
mkEnableOption
mkIf
mkOption
;
inherit (lib.types) nullOr path str;
cfg = config.ataraxia.security.password-store;
in
{
options.ataraxia.security.password-store = {
enable = mkEnableOption "Whether to enable password store";
autoSync = mkEnableOption "Whether to enable automatic sync of password store";
store = mkOption {
type = path;
default = "${config.xdg.dataHome}/password-store";
};
gnupgHome = mkOption {
type = path;
default =
if config.programs.gpg.enable then config.programs.gpg.homedir else "${config.xdg.dataHome}/gnupg";
};
repo = mkOption {
default = null;
description = "Git repository to sync with";
type = nullOr str;
};
sshKey = mkOption {
default = null;
description = "Ssh key to use for private repository";
type = nullOr str;
};
};
config = mkIf cfg.enable {
assertions = [
{
assertion = !(cfg.autoSync && cfg.repo == null);
message = "If autoSync enabled, you must set repo to sync";
}
{
assertion = !(cfg.autoSync && cfg.sskKey == null);
message = "If autoSync enabled, you must set sshKey for connection to repo";
}
];
# TODO: autosync with git
programs.password-store = {
enable = true;
package =
if config.ataraxia.wayland.enable then
pkgs.pass.withExtensions (exts: [ exts.pass-otp ])
else
pkgs.pass-wayland.withExtensions (exts: [ exts.pass-otp ]);
settings.PASSWORD_STORE_DIR = cfg.store;
};
persist.state.directories = [ cfg.store ];
};
}

46
modules/home/services/modprobed-db.nix Normal file
View File

@ -0,0 +1,46 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkPackageOption mkIf;
cfg = config.ataraxia.services.modprobed-db;
in
{
options = {
ataraxia.services.modprobed-db = {
enable = mkEnableOption "modprobed-db service to scan and store new kernel modules";
package = mkPackageOption pkgs "modprobed-db" { };
};
};
config = mkIf cfg.enable {
systemd.user = {
services.modprobed-db = {
Unit = {
Description = "modprobed-db service to scan and store new kernel modules";
Wants = [ "modprobed-db.timer" ];
};
Service = {
ExecStart = "${cfg.package}/bin/modprobed-db storesilent";
Type = "simple";
};
Install.WantedBy = [ "default.target" ];
};
timers.modprobed-db = {
Unit.PartOf = [ "modprobed-db.service" ];
Timer = {
Persistent = true;
OnUnitActiveSec = "1h";
};
Install.WantedBy = [ "timers.target" ];
};
};
persist.state.directories = [
".config/modprobed-db"
];
};
}

141
modules/home/theme/catppuccin.nix Normal file
View File

@ -0,0 +1,141 @@
{
config,
lib,
pkgs,
inputs,
...
}:
let
inherit (lib)
mkEnableOption
mkIf
mkMerge
mkOption
;
inherit (lib.types) bool enum;
cfg = config.ataraxia.theme.catppuccin;
# this capitalizes the first letter in a string.
mkUpper =
str:
(lib.toUpper (builtins.substring 0 1 str)) + (builtins.substring 1 (builtins.stringLength str) str);
in
{
options.ataraxia.theme.catppuccin = {
enable = mkEnableOption "Enable catppuccin theme";
gtk = mkOption {
type = bool;
default = true;
description = "Enable gtk settings";
};
accent = mkOption {
type = enum [
"blue"
"flamingo"
"green"
"lavender"
"maroon"
"mauve"
"peach"
"pink"
"red"
"rosewater"
"sapphire"
"sky"
"teal"
"yellow"
];
default = "mauve";
description = "Catppuccin accent";
};
flavor = mkOption {
type = enum [
"latte"
"frappe"
"macchiato"
"mocha"
];
default = "mocha";
description = "Catppuccin flavor";
};
};
imports = [ inputs.catppuccin.homeModules.catppuccin ];
config = mkMerge [
(mkIf cfg.enable {
catppuccin.accent = cfg.accent;
catppuccin.flavor = cfg.flavor;
catppuccin.enable = true;
catppuccin.waybar.mode = "prependImport"; # or "createLink"
catppuccin.vscode = {
enable = true;
flavor = cfg.flavor;
settings = {
accent = cfg.accent;
boldKeywords = false;
italicComments = false;
italicKeywords = false;
extraBordersEnabled = false;
workbenchMode = "flat";
bracketMode = "dimmed";
colorOverrides = {
${cfg.flavor} = {
base = "#1c1c2d";
mantle = "#191925";
crust = "#151511";
};
};
customUIColors = {
"statusBar.foreground" = "accent";
};
};
};
programs.vscode.profiles.default.userSettings = {
"editor.semanticHighlighting.enabled" = lib.mkForce true;
"terminal.integrated.minimumContrastRatio" = lib.mkForce 1;
"window.titleBarStyle" = lib.mkForce "custom";
"workbench.colorTheme" = lib.mkForce "Catppuccin ${mkUpper cfg.flavor}";
"workbench.iconTheme" = lib.mkForce "catppuccin-${cfg.flavor}";
};
})
(mkIf (cfg.enable && cfg.gtk) {
gtk = {
enable = true;
theme = {
name = "catppuccin-${cfg.flavor}-${cfg.accent}-standard+normal";
package = pkgs.catppuccin-gtk.override {
accents = [ cfg.accent ];
tweaks = [ "normal" ];
variant = cfg.flavor;
};
};
iconTheme = {
name = "Papirus-Dark";
package = pkgs.catppuccin-papirus-folders.override { inherit (cfg) accent flavor; };
};
font = {
package = config.theme.fonts.sans.package;
name = config.theme.fonts.sans.family;
size = config.theme.fonts.size.normal;
};
gtk3.extraConfig = {
gtk-application-prefer-dark-theme = 1;
};
gtk4.extraConfig = {
gtk-application-prefer-dark-theme = 1;
};
};
home.sessionVariables.GTK_THEME = config.gtk.theme.name;
xdg.configFile =
let
gtk4Dir = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-4.0";
in
{
"gtk-4.0/assets".source = "${gtk4Dir}/assets";
"gtk-4.0/gtk.css".source = "${gtk4Dir}/gtk.css";
"gtk-4.0/gtk-dark.css".source = "${gtk4Dir}/gtk-dark.css";
};
})
];
}

38
modules/home/theme/fonts.nix Normal file
View File

@ -0,0 +1,38 @@
{
config,
lib,
...
}:
let
inherit (lib) mkEnableOption mkIf unique;
cfg = config.ataraxia.defaults.fonts;
inherit (config.theme) fonts;
in
{
options.ataraxia.defaults.fonts = {
enable = mkEnableOption "Setup default fonts";
};
config = mkIf cfg.enable {
home.packages = unique [
fonts.sans.package
fonts.serif.package
fonts.mono.package
fonts.emoji.package
fonts.icons.package
];
fonts = {
fontconfig = {
enable = true;
defaultFonts = {
emoji = [ fonts.emoji.family ];
monospace = [ fonts.mono.family ];
sansSerif = [ fonts.sans.family ];
serif = [ fonts.serif.family ];
};
};
};
};
}

138
modules/home/theme/theme.nix Normal file
View File

@ -0,0 +1,138 @@
{ lib, pkgs, ... }:
let
inherit (lib) mkOption;
inherit (lib.types)
attrsOf
int
package
str
submodule
;
fontSubmodule = {
options = {
family = mkOption {
type = str;
};
package = mkOption {
type = package;
};
};
};
in
{
options.theme = {
colors = mkOption {
type = attrsOf str;
default = { };
};
fonts = {
sans = mkOption {
type = submodule fontSubmodule;
default = { };
};
serif = mkOption {
type = submodule fontSubmodule;
default = { };
};
mono = mkOption {
type = submodule fontSubmodule;
default = { };
};
emoji = mkOption {
type = submodule fontSubmodule;
default = { };
};
icons = mkOption {
type = submodule fontSubmodule;
default = { };
};
size = mkOption {
type = submodule {
options =
let
sizeOpt = mkOption {
type = int;
};
in
{
big = sizeOpt;
normal = sizeOpt;
small = sizeOpt;
};
};
};
};
icons = mkOption {
type = (
submodule {
options = {
name = mkOption {
type = str;
};
package = mkOption {
type = package;
};
};
}
);
default = { };
};
};
config = {
theme = {
colors = {
color0 = "1e1e2e"; # base
color1 = "181825"; # mantle
color2 = "313244"; # surface0
color3 = "45475a"; # surface1
color4 = "585b70"; # surface2
color5 = "cdd6f4"; # text
color6 = "f5e0dc"; # rosewater
color7 = "b4befe"; # lavender
color8 = "f38ba8"; # red
color9 = "fab387"; # peach
color10 = "f9e2af"; # yellow
color11 = "a6e3a1"; # green
color12 = "94e2d5"; # teal
color13 = "89b4fa"; # blue
color14 = "cba6f7"; # mauve
color15 = "f2cdcd"; # flamingo
};
fonts = {
sans = {
family = "Atkinson Hyperlegible Next";
package = pkgs.atkinson-hyperlegible-next;
};
serif = {
family = "Atkinson Hyperlegible Next";
package = pkgs.atkinson-hyperlegible-next;
};
mono = {
# family = "Atkinson Hyperlegible Mono";
# package = pkgs.atkinson-hyperlegible-mono;
family = "VictorMono Nerd Font Mono";
package = pkgs.nerd-fonts.victor-mono;
};
emoji = {
family = "Noto Color Emoji";
package = pkgs.noto-fonts-color-emoji;
};
icons = {
# family = "Material Icons";
# package = pkgs.material-icons;
family = "Rose-Pine";
package = pkgs.rosepine-gtk-icons;
};
size.big = 14;
size.normal = 12;
size.small = 11;
};
icons = {
name = "Papirus-Dark";
package = pkgs.papirus-icon-theme;
};
};
};
}

57
modules/home/workspace/git.nix Normal file
View File

@ -0,0 +1,57 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.defaults.git;
in
{
options.ataraxia.defaults.git = {
enable = mkEnableOption "Default git settings";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
difftastic
gh
];
programs.git = {
enable = true;
lfs.enable = true;
userEmail = "ataraxiadev@ataraxiadev.com";
userName = "Dmitriy Kholkin";
signing = {
signByDefault = true;
key = "922DA6E758A0FE4CFAB4E4B2FD266B810DF48DF2";
};
ignores = [
".direnv"
"*~"
".#*"
"#*#"
];
extraConfig = {
core = {
editor = "code --wait";
};
init = {
defaultBranch = "dev";
};
pull.rebase = true;
safe.directory = "*";
};
difftastic = {
enable = true;
background = "dark";
color = "always";
# display = "inline";
};
};
persist.state.directories = [ ".config/gh" ];
};
}

42
modules/home/workspace/gpg.nix Normal file
View File

@ -0,0 +1,42 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.defaults.gpg;
in
{
options.ataraxia.defaults.gpg = {
enable = mkEnableOption "Default gpg settings";
};
config = mkIf cfg.enable {
programs.gpg = {
enable = true;
homedir = "${config.xdg.dataHome}/gnupg";
};
services.gpg-agent = {
enable = true;
enableSshSupport = true;
pinentry.package = pkgs.pinentry-gnome3;
sshKeys = [
"7A7130ABF128CC2C32B3D6AD27515056B0193CE1"
"E6A6377C3D0827C36428A290199FDB3B91414AFE"
];
};
systemd.user.services.gpg-agent = {
Service = {
Environment = lib.mkForce [
"GPG_TTY=/dev/tty1"
"DISPLAY=:0"
"GNUPGHOME=${config.programs.gpg.homedir}"
];
};
};
persist.state.directories = [ ".local/share/gnupg" ];
};
}

272
modules/home/workspace/wayland/hyprland.nix Normal file
View File

@ -0,0 +1,272 @@
{
config,
lib,
pkgs,
osConfig ? null,
...
}:
let
inherit (builtins) mapAttrs;
inherit (lib)
mkEnableOption
mkDefault
mkIf
optionalString
;
inherit (config.theme) colors;
cfg = config.ataraxia.wayland.hyprland;
apps = config.defaultApplications;
useNixosHyprland = osConfig != null && osConfig.programs.hyprland.enable;
useWithUWSM = osConfig != null && osConfig.programs.hyprland.withUWSM;
execApp = optionalString useWithUWSM "uwsm app --";
in
{
options.ataraxia.wayland.hyprland = {
enable = mkEnableOption "Enable hyprland";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
cliphist
grim
libnotify
mpris-ctl
pamixer
pavucontrol
slurp
wl-clipboard
];
wayland.windowManager.hyprland = {
enable = true;
package = mkIf useNixosHyprland null;
portalPackage = mkIf useNixosHyprland null;
systemd.enable = !useWithUWSM;
systemd.variables = [ "--all" ];
xwayland.enable = true;
settings = {
animations.enabled = true;
# fix gamescope issue: https://github.com/NixOS/nixpkgs/issues/351516
debug.full_cm_proto = true;
decoration = {
active_opacity = 0.95;
blur = {
enabled = true;
ignore_opacity = true;
passes = 3;
size = 2;
};
fullscreen_opacity = 1.0;
inactive_opacity = 0.85;
rounding = 0;
shadow = {
enabled = true;
color = "0xAA${colors.color8}";
ignore_window = true;
offset = "0 0";
range = 6;
};
};
ecosystem.no_update_news = true;
experimental.xx_color_management_v4 = true;
general = {
border_size = 1;
#col.active_border = "0xAA${colors.color8}";
#col.inactive_border = "0xAA${colors.color10}";
#col.nogroup_border = "0xCC${colors.color10}";
#col.nogroup_border_active = "0xAA${colors.color8}";
gaps_in = 6;
gaps_out = 12;
no_border_on_floating = false;
};
gestures.workspace_swipe = false;
input = {
follow_mouse = true;
force_no_accel = true;
kb_layout = "us,ru";
kb_options = "grp:win_space_toggle";
natural_scroll = false;
numlock_by_default = true;
sensitivity = mkDefault 0.3;
scroll_method = "2fg";
tablet = {
active_area_position = "50 60";
active_area_size = "39 22";
output = "current";
};
touchpad = {
clickfinger_behavior = true;
middle_button_emulation = true;
natural_scroll = true;
tap-to-click = true;
};
};
misc = {
disable_hyprland_logo = true;
disable_splash_rendering = true;
mouse_move_enables_dpms = true;
vfr = false;
vrr = 0; # TODO: Remove after flickering is fixed
};
monitor = [ ",highres,auto,1" ];
"$mod" = "SUPER";
bind = [
"$mod,q,killactive,"
"$mod,f,fullscreen,0"
"$mod SHIFT,F,togglefloating,"
"$mod CTRL,F,exec,hyprctl setprop active opaque toggle"
"$mod,left,movefocus,l"
"$mod,right,movefocus,r"
"$mod,up,movefocus,u"
"$mod,down,movefocus,d"
"$mod SHIFT,left,movewindow,l"
"$mod SHIFT,right,movewindow,r"
"$mod SHIFT,up,movewindow,u"
"$mod SHIFT,down,movewindow,d"
"$mod,f5,forcerendererreload,"
"$mod SHIFT,f5,exit,"
"$mod,f11,exec,sleep 1 && hyprctl dispatch dpms off"
"$mod,f12,exec,sleep 1 && hyprctl dispatch dpms on"
"$mod,p,exec,${execApp} wlogout -b 5"
# "$mod,escape,exec,${execApp} ${apps.monitor.cmd}"
"$mod,w,exec,${execApp} ${apps.dmenu.desktop} -show run"
"$mod CTRL,w,exec,${execApp} ${apps.dmenu.desktop} -show drun -modi drun -show-icons"
"$mod,return,exec,${execApp} ${apps.term.cmd}"
"$mod SHIFT,return,exec,${execApp} nop kitti3"
"$mod,e,exec,${execApp} ${apps.editor.cmd}"
"$mod,j,exec,${execApp} mpris-ctl prev"
"$mod,k,exec,${execApp} mpris-ctl pp"
"$mod,l,exec,${execApp} mpris-ctl next"
"$mod SHIFT,J,exec,${execApp} mpris-ctl --player Spotify prev"
"$mod SHIFT,K,exec,${execApp} mpris-ctl --player Spotify pp"
"$mod SHIFT,L,exec,${execApp} mpris-ctl --player Spotify next"
"$mod,m,exec,${execApp} pamixer -t"
"$mod,comma,exec,${execApp} pamixer -d 5"
"$mod,period,exec,${execApp} pamixer -i 5"
"$mod SHIFT,comma,exec,${execApp} pamixer -d 2"
"$mod SHIFT,period,exec,${execApp} pamixer -i 2"
"$mod,i,exec,${execApp} pavucontrol"
"$mod,d,exec,${execApp} ${apps.fm.cmd}"
# "$mod,y,exec,${execApp} ${pkgs.youtube-to-mpv}/bin/yt-mpv"
# "$mod SHIFT,Y,exec,${execApp} ${pkgs.youtube-to-mpv}/bin/yt-mpv --no-video"
"$mod,print,exec,${execApp} grim $(xdg-user-dir PICTURES)/Screenshots/$(date +'%Y-%m-%d+%H:%M:%S').png && notify-send 'Screenshot Saved'"
"$mod CTRL,print,exec,${execApp} grim - | wl-copy && notify-send 'Screenshot Copied to Clipboard'"
"$mod SHIFT,print,exec,${execApp} grim -g '$(slurp)' $(xdg-user-dir PICTURES)/Screenshots/$(date +'%Y-%m-%d+%H:%M:%S').png && notify-send 'Screenshot Saved'"
"$mod CTRLSHIFT,print,exec,${execApp} grim -g '$(slurp)' - | wl-copy && notify-send 'Screenshot Copied to Clipboard'"
",xf86audioplay,exec,${execApp} mpris-ctl pp"
",xf86audionext,exec,${execApp} mpris-ctl next"
",xf86audioprev,exec,${execApp} mpris-ctl prev"
",xf86audiolowervolume,exec,${execApp} pamixer -d 5"
",xf86audioraisevolume,exec,${execApp} pamixer -i 5"
"SHIFT,xf86audiolowervolume,exec,${execApp} pamixer -d 2"
"SHIFT,xf86audioraisevolume,exec,${execApp} pamixer -i 2"
",xf86audiomute,exec,${execApp} pamixer -t"
"$mod,s,togglegroup,"
"$mod,x,togglesplit,"
"$mod,c,changegroupactive,b"
"$mod,v,changegroupactive,f"
"$mod,V,exec,${execApp} cliphist list | ${apps.dmenu.desktop} -dmenu | cliphist decode | wl-copy"
"$mod,1,workspace,1"
"$mod,2,workspace,2"
"$mod,3,workspace,3"
"$mod,4,workspace,4"
"$mod,5,workspace,5"
"$mod,6,workspace,6"
"$mod,7,workspace,7"
"$mod,8,workspace,8"
"$mod,9,workspace,name:Email"
"$mod,0,workspace,name:Steam"
"$mod,b,workspace,name:Music"
"$mod,t,workspace,name:Messengers"
"$mod,g,workspace,name:Games"
"$mod SHIFT,1,movetoworkspacesilent,1"
"$mod SHIFT,2,movetoworkspacesilent,2"
"$mod SHIFT,3,movetoworkspacesilent,3"
"$mod SHIFT,4,movetoworkspacesilent,4"
"$mod SHIFT,5,movetoworkspacesilent,5"
"$mod SHIFT,6,movetoworkspacesilent,6"
"$mod SHIFT,7,movetoworkspacesilent,7"
"$mod SHIFT,8,movetoworkspacesilent,8"
"$mod SHIFT,9,movetoworkspacesilent,name:Email"
"$mod SHIFT,0,movetoworkspacesilent,name:Steam"
"$mod SHIFT,B,movetoworkspacesilent,name:Music"
"$mod SHIFT,T,movetoworkspacesilent,name:Messengers"
"$mod SHIFT,g,workspace,name:Games"
"ALT,1,movetoworkspacesilent,1"
"ALT,2,movetoworkspacesilent,2"
"ALT,3,movetoworkspacesilent,3"
"ALT,4,movetoworkspacesilent,4"
"ALT,5,movetoworkspacesilent,5"
"ALT,6,movetoworkspacesilent,6"
"ALT,7,movetoworkspacesilent,7"
"ALT,8,movetoworkspacesilent,8"
"ALT,9,movetoworkspacesilent,name:Email"
"ALT,0,movetoworkspacesilent,name:Steam"
"ALT,b,movetoworkspacesilent,name:Music"
"ALT,t,movetoworkspacesilent,name:Messengers"
"ALT,g,movetoworkspacesilent,name:Games"
"$mod ALT,1,movetoworkspace,1"
"$mod ALT,2,movetoworkspace,2"
"$mod ALT,3,movetoworkspace,3"
"$mod ALT,4,movetoworkspace,4"
"$mod ALT,5,movetoworkspace,5"
"$mod ALT,6,movetoworkspace,6"
"$mod ALT,7,movetoworkspace,7"
"$mod ALT,8,movetoworkspace,8"
"$mod ALT,9,movetoworkspace,name:Email"
"$mod ALT,0,movetoworkspace,name:Steam"
"$mod ALT,b,movetoworkspace,name:Music"
"$mod ALT,t,movetoworkspace,name:Messengers"
"$mod ALT,g,movetoworkspace,name:Games"
];
bindm = [
"$mod, mouse:272, movewindow"
"$mod, mouse:273, resizewindow"
];
env = mapAttrs (n: v: "${n}=${v}") {
};
exec = map (x: "${execApp} ${x}") [
];
exec-once = map (x: "${execApp} ${x}") (
[
"wl-paste --type text --watch cliphist store"
"wl-paste --type image --watch cliphist store"
"${pkgs.mate.mate-polkit}/libexec/polkit-mate-authentication-agent-1"
]
++ config.startupApplications
);
windowrule = [
"center,class:^(Waydroid)$"
"float,class:^(gamescope)$"
"float,class:^(Waydroid)$"
"opaque,class:.*(jellyfin).*"
"opaque,class:.*(qemu).*"
"opaque,class:.*(virt-manager).*"
"opaque,class:^(.*winbox64.exe)$"
"opaque,class:^(Chromium-browser)$"
"opaque,class:^(firefox)$"
"opaque,class:^(gamescope)$"
"opaque,class:^(mpv)$"
"opaque,class:^(starrail.exe)$"
"opaque,class:^(steam)$"
"opaque,class:^(Waydroid)$"
"size 1600 900,class:^(Waydroid)$"
"tile,class:^(.*winbox64.exe)$"
"tile,title:^(Spotify)$"
"workspace name:Email silent,class:^(geary)$"
"workspace name:Email silent,class:^(thunderbird)$"
"workspace name:Messengers silent,class:^(org.telegram.desktop)$"
"workspace name:Music silent,title:^(Spotify)$"
"workspace name:Steam silent,class:^(.gamescope-wrapped)$,title:(Steam)"
"workspace name:Steam silent,class:^(steam)$"
];
};
};
};
}

32
modules/home/workspace/wayland/mako.nix Normal file
View File

@ -0,0 +1,32 @@
{ config, lib, ... }:
let
inherit (lib) mkDefault mkEnableOption mkIf;
inherit (config.theme) colors fonts icons;
cfg = config.ataraxia.wayland.mako;
in
{
options.ataraxia.wayland.mako = {
enable = mkEnableOption "Enable mako";
};
config = mkIf cfg.enable {
services.mako = {
enable = true;
settings = {
default-timeout = 10000;
font = "${fonts.sans.family} ${toString fonts.size.normal}";
height = 80;
icon-path = "${icons.package}/share/icons/${icons.name}";
layer = "overlay";
max-icon-size = 24;
max-visible = 10;
width = 500;
backgroundColor = mkDefault "#${colors.color0}AA";
textColor = mkDefault "#${colors.color5}";
borderColor = mkDefault "#${colors.color13}AA";
progressColor = mkDefault "over #${colors.color11}";
};
};
};
}

20
modules/home/workspace/wayland/misc.nix Normal file
View File

@ -0,0 +1,20 @@
{
config,
lib,
...
}:
let
inherit (lib) mkDefault mkEnableOption mkIf;
cfg = config.ataraxia.wayland;
in
{
options.ataraxia.wayland = {
enable = mkEnableOption "Enable wayland with compositor and other components";
};
config = mkIf cfg.enable {
ataraxia.wayland.hyprland.enable = mkDefault true;
ataraxia.wayland.waybar.enable = mkDefault true;
home.sessionVariables.NIXOS_OZONE_WL = "1";
};
}

259
modules/home/workspace/wayland/waybar.nix Normal file
View File

@ -0,0 +1,259 @@
{
config,
lib,
...
}:
let
inherit (lib) mkEnableOption mkIf;
inherit (config.theme) fonts;
cfg = config.ataraxia.wayland.waybar;
in
{
options.ataraxia.wayland.waybar = {
enable = mkEnableOption "Enable waybar";
laptopWidgets = mkEnableOption "Enable laptop widgets (e.g. battery)";
};
config = mkIf cfg.enable {
programs.waybar = {
enable = true;
# style = builtins.readFile ./style.css;
systemd.enable = true;
systemd.target = "graphical-session.target";
settings = {
mainBar = {
layer = "top";
position = "top";
# margin = "8 8 0 8";
modules-left =
[
"hyprland/workspaces"
# "wireplumber"
]
++ lib.optionals cfg.laptopWidgets [
"battery"
"backlight"
];
modules-center = [ "hyprland/window" ];
modules-right = [
"tray"
"disk"
"cpu"
# "temperature"
"memory"
"clock"
];
backlight = {
device = "intel_backlight";
format = "{percent}% {icon}";
format-icons = [
""
""
""
""
""
""
""
];
# min-length = 7;
};
battery = {
interval = 60;
states = {
warning = 30;
critical = 15;
};
format = "{icon} {capacity}%";
format-charging = "<span color=\"#e0af68\">󱐌</span> {capacity}%";
format-icons = [
"<span color=\"#f7768e\"> </span>"
"<span color=\"#f7768e\"> </span>"
"<span color=\"#7aa2f7\"> </span>"
"<span color=\"#7aa2f7\"> </span>"
"<span color=\"#7aa2f7\"> </span>"
];
on-update = "$HOME/.config/waybar/scripts/check_battery.sh";
};
clock = {
format = "{:%a, %d %b, %H:%M}";
tooltip-format = "<tt>{calendar}</tt>";
calendar = {
mode = "month";
mode-mon-col = 3;
weeks-pos = "right";
on-scroll = 1;
format = {
months = "<span color='#c0caf5'><b>{}</b></span>";
days = "<span color='#c0caf5'><b>{}</b></span>";
weeks = "<span color='#7dcfff'><b>W{}</b></span>";
weekdays = "<span color='#ff9e64'><b>{}</b></span>";
today = "<span color='#f7768e'><b><u>{}</u></b></span>";
};
};
actions = {
on-click-right = "mode";
on-click-middle = "shift_reset";
on-scroll-up = "shift_up";
on-scroll-down = "shift_down";
};
};
cpu = {
interval = 4;
format = "<span color=\"#7aa2f7\"></span>{usage}%";
};
disk = {
interval = 60;
format = "<span color=\"#7aa2f7\"></span>{free}";
path = "/home";
};
"hyprland/window" = {
max-length = 64;
};
"hyprland/workspaces" = {
format = "{icon}";
on-click = "activate";
disable-scroll = true;
format-icons = {
"10" = "0";
"Messengers" = "Msg";
"Music" = "Mus";
};
};
memory = {
format = "<span color=\"#7aa2f7\"></span>{used}GiB";
interval = 4;
};
temperature = {
# "hwmon-path" = "/sys/class/hwmon/hwmon0/temp1_input";
critical-threshold = 80;
format = "<span color=\"#7aa2f7\">\uf4f5</span>{temperatureC}°C";
format-critical = "<span color=\"#f7768e\"> </span>{temperatureC}°C";
interval = 4;
};
tray = {
icon-size = 12;
spacing = 6;
};
wireplumber = {
scroll-step = 5;
format = "<span color=\"#7aa2f7\">{icon} </span>{volume}%";
format-muted = "<span color=\"#f7768e\">\ueee8</span>Muted";
format-bluetooth = "<span color=\"#7aa2f7\">\uf282 </span>{volume}%";
on-click-right = "blueman-manager";
format-icons = [
"\uf026 "
"\uf027 "
"\uf028 "
];
on-click = "pavucontrol";
};
};
};
style =
let
accent = "lavender";
in
''
/* @import "catppuccin.css"; */
* {
font-family: "${fonts.mono.family}", feather;
font-weight: 500;
font-size: ${toString fonts.size.small}pt;
color: @text;
}
/* main waybar */
window#waybar {
padding: 0;
margin: 0;
/* background: rgba(26, 27, 38, 0.7); */
background: @base;
}
/* when hovering over modules */
tooltip {
background: @base;
border-radius: 5%;
}
#workspaces button {
padding: 2px;
}
/* Sets active workspace to have a solid line on the bottom */
#workspaces button.active {
border-bottom: 2px solid @${accent};
border-radius: 0;
margin-top: 2px;
transition: all 0.5s ease-in-out;
}
/* More workspace stuff for highlighting on hover */
#workspaces button.focused {
color: @subtext0;
}
#workspaces button.urgent {
color: #f7768e;
}
#workspaces button:hover {
background: @crust;
color: @text;
}
/* Sets background, padding, margins, and borders for (all) modules */
#workspaces,
#clock,
#window,
#temperature,
#disk,
#cpu,
#memory,
#network,
#wireplumber,
#tray,
#backlight,
#battery {
/* background: rgba(26, 27, 38, 0); */
background: @base;
padding: 0 10px;
border: 0;
}
#workspaces {
padding-right: 0px;
}
/* Hide window module when not focused on window or empty workspace */
window#waybar.empty #window {
padding: 0;
margin: 0;
opacity: 0;
}
/* Set up rounding to make these modules look like separate pills */
#tray {
color: @${accent};
border-radius: 12px;
margin-right: 4px;
}
#window {
border-radius: 12px;
}
/* close right side of bar */
#temperature {
border-radius: 12px 0 0 12px;
}
/* close left side of bar */
#battery {
border-radius: 0 12px 12px 0;
}
'';
};
};
}

215
modules/home/workspace/zsh/default.nix Normal file
View File

@ -0,0 +1,215 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) getExe mkEnableOption mkIf;
cfg = config.ataraxia.defaults.zsh;
in
{
options.ataraxia.defaults.zsh = {
enable = mkEnableOption "Default zsh settings";
};
config = mkIf cfg.enable {
home.sessionVariables.SHELL = getExe config.programs.zsh.package;
home.file.".profile".text = ''
. "${config.home.profileDirectory}/etc/profile.d/hm-session-vars.sh"
'';
programs = {
zsh = {
enable = true;
enableCompletion = true;
oh-my-zsh = {
enable = true;
theme = "agnoster";
plugins = [
"git"
"dirhistory"
];
};
plugins = [
{
name = "zsh-nix-shell";
file = "share/zsh-nix-shell/nix-shell.plugin.zsh";
src = pkgs.zsh-nix-shell;
}
{
name = "zsh-autosuggestions";
file = "share/zsh-autosuggestions/zsh-autosuggestions.zsh";
src = pkgs.zsh-autosuggestions;
}
{
name = "you-should-use";
file = "share/zsh/plugins/you-should-use/you-should-use.plugin.zsh";
src = pkgs.zsh-you-should-use;
}
{
name = "powerlevel10k-config";
src = ./.;
file = "p10k.zsh";
}
{
name = "zsh-powerlevel10k";
src = pkgs.zsh-powerlevel10k;
file = "share/zsh-powerlevel10k/powerlevel10k.zsh-theme";
}
{
name = "zsh-z";
src = pkgs.zsh-z;
file = "share/zsh-z/zsh-z.plugin.zsh";
}
];
dotDir = ".config/zsh";
history = rec {
size = 1000000;
save = size;
path = "${config.xdg.dataHome}/zsh/history";
};
envExtra = ''
SHELL="${pkgs.zsh}/bin/zsh";
ZSHZ_DATA="${config.xdg.dataHome}/zsh/z";
'';
shellAliases = {
"_" = "doas";
"clr" = "clear";
"rcp" = "rsync -ah --partial --no-whole-file --info=progress2";
"rrcp" = "_ rsync -ah --partial --no-whole-file --info=progress2";
"ncg" = "_ nix-collect-garbage";
"ncgd" = "_ nix-collect-garbage -d";
"weather" = "curl wttr.in/Volzhskiy";
"rede" = "systemctl --user start gammastep.service &";
"redd" = "systemctl --user stop gammastep.service &";
"show-packages" = "_ nix-store -q --references /run/current-system/sw";
"nsp" = "nix-shell --run zsh -p";
"nd" = "nix develop -c zsh";
"nb" = "nix build";
"nbf" = "nix-fast-build --flake";
"nbfc" = "nix-fast-build --skip-cached --flake";
"nr" = "nix run";
"e" = "$EDITOR";
"q" = "qalc";
"man" = "pinfo";
"l" = "eza -lag";
"tree" = "eza -T";
"ltree" = "eza -lgT";
"atree" = "eza -aT";
"latree" = "eza -lagT";
"t" = "trans";
"steam-gamescope" = "gamescope -b --steam -- steam -pipewire-dmabuf";
# systemd
"ctl" = "systemctl";
"ctlsp" = "systemctl stop";
"ctlst" = "systemctl start";
"ctlrt" = "systemctl restart";
"ctls" = "systemctl status";
"ctlu" = "systemctl --user";
"ctlusp" = "systemctl --user stop";
"ctlust" = "systemctl --user start";
"ctlurt" = "systemctl --user restart";
"ctlus" = "systemctl --user status";
"ctlfailed" = "systemctl --failed --all";
"ctlrf" = "systemctl reset-failed";
"ctldrd" = "systemctl daemon-reload";
"j" = "journalctl";
"ju" = "journalctl -xe -u";
"juu" = "journalctl -xe --user-unit";
};
initContent = ''
setopt HIST_IGNORE_SPACE
rga-fzf() {
RG_PREFIX="rga --files-with-matches"
local file
file="$(
FZF_DEFAULT_COMMAND="$RG_PREFIX '$1'" \
fzf --sort --preview="[[ ! -z {} ]] && rga --pretty --context 5 {q} {}" \
--phony -q "$1" \
--bind "change:reload:$RG_PREFIX {q}" \
--preview-window="70%:wrap"
)" &&
echo "opening $file" &&
xdg-open "$file"
}
# zst 7z archive
z7za() {
rm /tmp/7z-exclude.lst > /dev/null 2>&1 || true
for var in "$@"; do
\find "$var" -type l -print -exec readlink -f {} \; >> /tmp/7z-exclude.lst
done
7z a $(basename "$1").7z "$@" -m0=zstd -mx5 -xr@/tmp/7z-exclude.lst
}
# zst 7z archive to backup folder
z7zab() {
rm /tmp/7z-exclude.lst > /dev/null 2>&1 || true
for var in "$@"; do
\find "$var" -type l -print -exec readlink -f {} \; >> /tmp/7z-exclude.lst
done
7z a ~/backup/$(basename "$1").7z "$@" -m0=zstd -mx5 -xr@/tmp/7z-exclude.lst
}
gif2webm() {
file="$1"
dir=$(dirname $1)
file="$(basename $file)"
file="''${file%.*}"
ffmpeg -i "$1" -c:v libvpx-vp9 -b:v 0 -crf 30 -an "$dir/$file.webm"
}
gh_delete_runs() {
org="$1"
repo="$2"
set -a
source /run/secrets/github-token
set +a
run_ids=($(${pkgs.gh}/bin/gh api repos/$org/$repo/actions/runs --paginate --jq '.workflow_runs[] | .id'))
for run_id in "''${run_ids[@]}"
do
echo "Deleting Run ID $run_id"
${pkgs.gh}/bin/gh api repos/$org/$repo/actions/runs/$run_id --method DELETE >/dev/null &
done
}
jl() {
journalctl -o json --output-fields=MESSAGE,PRIORITY,_PID,SYSLOG_IDENTIFIER,_SYSTEMD_UNIT "$@" | lnav
}
# Start and then view status of service
ctlsts () {
systemctl start "$1"
systemctl status "$1"
}
ctlusts () {
systemctl --user start "$1"
systemctl --user status "$1"
}
# Restart and then view status of service
ctlrts () {
systemctl restart "$1"
systemctl status "$1"
}
ctlurts () {
systemctl --user restart "$1"
systemctl --user status "$1"
}
XDG_DATA_DIRS=$XDG_DATA_DIRS:$GSETTINGS_SCHEMAS_PATH
export XDG_DATA_DIRS=$XDG_DATA_DIRS:/usr/share:/var/lib/flatpak/exports/share:$HOME/.local/share/flatpak/exports/share
PS1="$PS1
$ "
'';
};
fzf = {
enable = true;
enableBashIntegration = true;
enableZshIntegration = true;
};
};
persist.state.directories = [ ".local/share/zsh" ];
};
}

1641
modules/home/workspace/zsh/p10k.zsh Normal file
View File

File diff suppressed because it is too large Load Diff

32
modules/nixos/applications/corectrl.nix Normal file
View File

@ -0,0 +1,32 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (builtins) hasAttr;
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.programs.corectrl;
defaultUser = config.ataraxia.defaults.users.defaultUser;
in
{
options.ataraxia.programs.corectrl = {
enable = mkEnableOption "Enable corectrl program";
};
config = mkIf cfg.enable {
programs.corectrl = {
enable = true;
gpuOverclock.enable = true;
# gpuOverclock.ppfeaturemask = "0xffffffff";
};
home-manager = mkIf (hasAttr "users" config.home-manager) {
users.${defaultUser} = {
startupApplications = [ "${pkgs.corectrl}/bin/corectrl" ];
persist.state.directories = [ ".config/corectrl" ];
};
};
};
}

52
modules/nixos/applications/steam.nix Normal file
View File

@ -0,0 +1,52 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (builtins) hasAttr;
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.programs.steam;
defaultUser = config.ataraxia.defaults.users.defaultUser;
in
{
options.ataraxia.programs.steam = {
enable = mkEnableOption "Enable steam";
};
config = mkIf cfg.enable {
programs.gamescope.enable = true;
programs.gamescope.capSysNice = false;
services.ananicy = {
enable = true;
package = pkgs.ananicy-cpp;
rulesProvider = pkgs.ananicy-cpp;
extraRules = [
{
"name" = "gamescope";
"nice" = -20;
}
];
};
programs.steam.enable = true;
programs.steam.extraCompatPackages = with pkgs; [
proton-ge-bin
];
programs.steam.gamescopeSession.enable = true;
programs.steam.gamescopeSession.env = {
MANGOHUD = "1";
CONNECTOR = "*,DP-3";
};
programs.steam.gamescopeSession.args = [ "--adaptive-sync" ];
home-manager = mkIf (hasAttr "users" config.home-manager) {
users.${defaultUser} = {
startupApplications = [ "${config.programs.steam.package}/bin/steam" ];
persist.state.directories = [ ".local/share/Steam" ];
};
};
};
}

4
modules/nixos/backups/default.nix
View File

@ -1,4 +0,0 @@
{ ... }:
{
imports = [ ./postgresql.nix ];
}

48
modules/nixos/boot/default.nix Normal file
View File

@ -0,0 +1,48 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkDefault mkEnableOption mkIf;
cfg = config.ataraxia.defaults.boot;
in
{
options.ataraxia.defaults.boot = {
enable = mkEnableOption "Default boot settings";
};
config = mkIf cfg.enable {
boot = {
loader = {
timeout = mkDefault 4;
systemd-boot.enable = mkDefault false;
};
kernelParams = [
"kvm.ignore_msrs=1"
"kvm.report_ignored_msrs=0"
"nofb"
"rd.systemd.show_status=auto"
"rd.udev.log_priority=3"
"zswap.enabled=0"
];
kernelPackages = pkgs.linuxPackages_xanmod_latest;
consoleLogLevel = 3;
kernel.sysctl = mkIf config.zramSwap.enable {
"vm.swappiness" = 100;
"vm.vfs_cache_pressure" = 200;
"vm.dirty_background_ratio" = 1;
"vm.dirty_ratio" = 40;
"vm.page-cluster" = 0;
};
tmp.cleanOnBoot = !config.boot.tmp.useTmpfs;
};
};
}

37
modules/nixos/default.nix
View File

@ -1,11 +1,38 @@
{ lib, ... }: { lib, ... }:
let let
inherit (lib) filterAttrs; inherit (lib) hasSuffix remove;
inherit (builtins) attrNames readDir; inherit (builtins)
moduleDirs = attrValues
concatLists
mapAttrs
readDir
;
filterRoot = remove (./. + "/default.nix");
findModules =
dir: dir:
map (name: dir + "/${name}") (attrNames (filterAttrs (_: type: type == "directory") (readDir dir))); concatLists (
attrValues (
mapAttrs (
name: type:
if type == "directory" then
if (readDir (dir + "/${name}")) ? "default.nix" then
[
(dir + "/${name}")
]
else
findModules (dir + "/${name}")
else if (type == "regular" && (hasSuffix ".nix" name)) then
[
(dir + "/${name}")
]
else
[ ]
) (readDir dir)
)
);
in in
{ {
imports = moduleDirs ./.; imports = filterRoot (findModules ./.);
} }

18
modules/nixos/filesystems/btrfs.nix
View File

@ -41,6 +41,16 @@ in
{ {
options.ataraxia.filesystems.btrfs = { options.ataraxia.filesystems.btrfs = {
enable = mkEnableOption "Root on btrfs"; enable = mkEnableOption "Root on btrfs";
mountpoints = mkOption {
type = listOf str;
default = [ ];
description = ''
A list of absolute paths to BTRFS subvolume mountpoints.
These paths will be automatically filtered out from the directories persisted through
persist module to prevent conflicts with BTRFS' native mount management. Any matching entries
in the persistence list will be removed.
'';
};
# Btrfs clean root # Btrfs clean root
eraseOnBoot = { eraseOnBoot = {
enable = mkOption { enable = mkOption {
@ -108,10 +118,10 @@ in
requires = [ cfg.eraseOnBoot.waitForDevice ]; requires = [ cfg.eraseOnBoot.waitForDevice ];
after = [ cfg.eraseOnBoot.waitForDevice ]; after = [ cfg.eraseOnBoot.waitForDevice ];
before = [ "sysroot.mount" ]; before = [ "sysroot.mount" ];
path = [ path = with pkgs; [
pkgs.btrfs-progs btrfs-progs
pkgs.coreutils coreutils
pkgs.util-linuxMinimal.mount util-linuxMinimal.mount
]; ];
unitConfig.DefaultDependencies = "no"; unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";

7
modules/nixos/filesystems/default.nix
View File

@ -1,7 +0,0 @@
{ ... }:
{
imports = [
./btrfs.nix
./zfs.nix
];
}

83
modules/nixos/filesystems/zfs.nix
View File

@ -1,16 +1,87 @@
{ config, lib, ... }: { config, lib, ... }:
let let
inherit (lib) mkIf mkEnableOption; inherit (lib)
concatStringsSep
mkIf
mkEnableOption
mkOption
mkBefore
;
inherit (lib.types)
bool
str
listOf
;
cfg = config.ataraxia.filesystems.zfs; cfg = config.ataraxia.filesystems.zfs;
in in
{ {
options.ataraxia.filesystems.zfs = { options.ataraxia.filesystems.zfs = {
enable = mkEnableOption "Root on zfs"; enable = mkEnableOption "Root on zfs";
mountpoints = mkOption {
type = listOf str;
default = [ ];
description = ''
A list of absolute paths to ZFS dataset mountpoints.
These paths will be automatically filtered out from the directories persisted through
persist module to prevent conflicts with ZFS's native mount management. Any matching entries
in the persistence list will be removed.
'';
};
# Zfs clean root
eraseOnBoot = {
enable = mkOption {
type = bool;
default = config.persist.enable;
description = "Rollback zfs datasets on boot";
};
snapshots = mkOption {
type = listOf str;
default = [ ];
example = [ "rpool/nixos/root@empty" ];
description = ''
A list of dataset snapshots to rollback on boot.
'';
};
};
}; };
config = mkIf cfg.enable { config =
persist.state.files = [ let
"/etc/zfs/zpool.cache" script = concatStringsSep "\n" (
]; map (x: ''
}; ${config.boot.zfs.package}/bin/zfs rollback -r ${x} && echo ">>> rollback ${x} <<<"
'') cfg.eraseOnBoot.snapshots
);
in
mkIf cfg.enable {
boot.initrd = mkIf cfg.eraseOnBoot.enable {
postDeviceCommands = mkIf (!config.boot.initrd.systemd.enable) (mkBefore script);
systemd.services.rollback = mkIf config.boot.initrd.systemd.enable {
description = "Rollback zfs datasets to a pristine state on boot";
wantedBy = [ "initrd.target" ];
requires = [ "zfs-import-rpool.service" ];
after = [ "zfs-import-rpool.service" ];
before = [ "sysroot.mount" ];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = script;
};
};
boot.kernelParams = [
"zfs.metaslab_lba_weighting_enabled=0"
];
services.zfs = {
autoScrub.enable = true;
autoScrub.interval = "monthly";
trim.enable = true;
trim.interval = "weekly";
};
persist.state.files = [
"/etc/zfs/zpool.cache"
];
};
} }

88
modules/nixos/hardware/hardware.nix Normal file
View File

@ -0,0 +1,88 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkIf mkOption;
inherit (lib.types) enum nullOr;
cfg = config.ataraxia.defaults.hardware;
in
{
options.ataraxia.defaults.hardware = {
enable = mkEnableOption "Default hardware settings";
graphics = mkEnableOption "Enable hardware.graphics module";
cpuVendor = mkOption {
default = null;
type = nullOr (enum [
"amd"
"intel"
]);
};
gpuVendor = mkOption {
default = null;
type = nullOr (enum [
"amd"
"intel"
"nvidia"
]);
};
};
config = mkIf cfg.enable (
lib.mkMerge [
{
hardware.cpu.${cfg.cpuVendor}.updateMicrocode = true;
hardware.enableRedistributableFirmware = true;
}
(lib.mkIf (cfg.graphics) {
boot.initrd.kernelModules =
if (cfg.gpuVendor == "amd") then
[
"amdgpu"
]
else if (cfg.gpuVendor == "intel") then
[
"i915"
]
else
[ ];
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages =
if cfg.gpuVendor == "intel" then
[
pkgs.intel-media-driver
pkgs.intel-vaapi-driver
pkgs.libvdpau-va-gl
]
else
[ ];
};
hardware.amdgpu = lib.mkIf (cfg.gpuVendor == "amd") {
opencl.enable = false;
initrd.enable = config.boot.initrd.systemd.enable;
};
environment.sessionVariables =
if (cfg.gpuVendor == "intel") then
{
GST_VAAPI_ALL_DRIVERS = "1";
LIBVA_DRIVER_NAME = "iHD";
VDPAU_DRIVER = "va_gl";
}
else if (cfg.gpuVendor == "amd") then
{
AMD_VULKAN_ICD = "RADV";
}
else
{ };
})
]
);
}

44
modules/nixos/hardware/sound.nix Normal file
View File

@ -0,0 +1,44 @@
{ config, lib, ... }:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.defaults.sound;
in
{
options.ataraxia.defaults.sound = {
enable = mkEnableOption "Default sound settings";
};
config = mkIf cfg.enable {
security.rtkit.enable = true;
services.pulseaudio.enable = false;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
wireplumber.enable = true;
wireplumber.extraConfig = {
"monitor.bluez.properties" = {
"bluez5.enable-sbc-xq" = true;
"bluez5.enable-msbc" = true;
"bluez5.enable-hw-volume" = true;
"bluez5.roles" = [
"hsp_hs"
"hsp_ag"
"hfp_hf"
"hfp_ag"
];
};
};
extraConfig.client = {
"10-no-resample" = {
"stream.properties" = {
"resample.disable" = true;
};
};
};
};
};
}

23
modules/nixos/locale/default.nix
View File

@ -3,13 +3,12 @@ let
inherit (lib) mkDefault mkEnableOption mkIf; inherit (lib) mkDefault mkEnableOption mkIf;
cfg = config.ataraxia.defaults.locale; cfg = config.ataraxia.defaults.locale;
c = "C.UTF-8";
dk = "en_DK.UTF-8"; dk = "en_DK.UTF-8";
gb = "en_GB.UTF-8"; gb = "en_GB.UTF-8";
ie = "en_IE.UTF-8"; ie = "en_IE.UTF-8";
ru = "ru_RU.UTF-8"; ru = "ru_RU.UTF-8";
us = "en_US.UTF-8"; us = "en_US.UTF-8";
lang = "en_IE:en_US:en:C:ru_RU"; lang = "en_US:en:C:ru_RU:ru";
in in
{ {
options.ataraxia.defaults.locale = { options.ataraxia.defaults.locale = {
@ -17,10 +16,8 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.sessionVariables = { # Locale
XKB_DEFAULT_LAYOUT = "us,ru"; i18n.defaultCharset = "UTF-8";
XKB_DEFAULT_OPTIONS = "grp:win_space_toggle";
};
i18n.defaultLocale = ie; i18n.defaultLocale = ie;
i18n.extraLocaleSettings = { i18n.extraLocaleSettings = {
LANGUAGE = lang; LANGUAGE = lang;
@ -31,14 +28,18 @@ in
LC_PAPER = ru; LC_PAPER = ru;
LC_TELEPHONE = ru; LC_TELEPHONE = ru;
}; };
i18n.supportedLocales = map (x: "${x}/UTF-8") [ i18n.extraLocales = map (x: "${x}/${config.i18n.defaultCharset}") [
c
dk
gb gb
ie
ru
us us
]; ];
# Keyboard layout
console.earlySetup = true;
console.useXkbConfig = true;
services.xserver.xkb = {
layout = "us,ru";
options = "grp:win_space_toggle";
};
# Timezone
time.timeZone = mkDefault "Europe/Moscow"; time.timeZone = mkDefault "Europe/Moscow";
}; };
} }

105
modules/nixos/network/default.nix → modules/nixos/networking/networkd.nix
View File

@ -5,26 +5,45 @@
... ...
}: }:
let let
inherit (builtins) concatLists filter;
inherit (lib) inherit (lib)
getExe
mkDefault mkDefault
mkEnableOption mkEnableOption
mkForce mkForce
mkIf mkIf
mkOption mkOption
optionals
; ;
inherit (lib.types) inherit (lib.types)
bool bool
listOf listOf
nullOr nullOr
str str
submodule
; ;
cfg = config.ataraxia.network; cfg = config.ataraxia.networkd;
ipAddressType = submodule {
options = {
address = mkOption {
type = str;
};
gateway = mkOption {
type = nullOr str;
default = null;
};
dns = mkOption {
type = listOf str;
default = [ ];
};
gatewayOnLink = mkEnableOption "Enable GatewayOnLink";
};
};
in in
{ {
options.ataraxia.network = { options.ataraxia.networkd = {
enable = mkEnableOption "Enable systemd-networkd bridged network"; enable = mkEnableOption "Enable systemd-networkd bridged network";
enableIPv6 = mkEnableOption "Enable IPv6"; disableIPv6 = mkEnableOption "Enable IPv6";
domain = mkOption { domain = mkOption {
type = nullOr str; type = nullOr str;
default = null; default = null;
@ -35,6 +54,7 @@ in
mac = mkOption { mac = mkOption {
type = str; type = str;
}; };
# TODO: implement disabling bridge
bridge = { bridge = {
enable = mkOption { enable = mkOption {
type = bool; type = bool;
@ -45,31 +65,21 @@ in
default = "br0"; default = "br0";
}; };
}; };
ipv4 = { ipv4 = mkOption {
address = mkOption { type = listOf ipAddressType;
type = str; default = [ ];
};
gateway = mkOption {
type = str;
};
dns = mkOption {
type = listOf str;
default = [ ];
};
gatewayOnLink = mkEnableOption "Enable GatewayOnLink";
}; };
ipv6 = { ipv6 = mkOption {
address = mkOption { type = listOf ipAddressType;
type = str; default =
}; if !cfg.disableIPv6 then
gateway = mkOption { [
type = str; {
}; address = "fc00::1/64";
dns = mkOption { }
type = listOf str; ]
default = [ ]; else
}; [ ];
gatewayOnLink = mkEnableOption "Enable GatewayOnLink";
}; };
}; };
@ -77,11 +87,11 @@ in
services.resolved.enable = true; services.resolved.enable = true;
networking = { networking = {
dhcpcd.enable = false; dhcpcd.enable = false;
domain = mkIf (cfg ? domain) cfg.domain; domain = cfg.domain;
enableIPv6 = cfg.enableIPv6; enableIPv6 = !cfg.disableIPv6;
nftables.enable = true; nftables.enable = true;
useDHCP = false; useDHCP = false;
useNetworkd = false; useNetworkd = true;
usePredictableInterfaceNames = mkForce true; usePredictableInterfaceNames = mkForce true;
firewall = { firewall = {
enable = true; enable = true;
@ -111,37 +121,26 @@ in
}; };
"40-${cfg.bridge.name}" = { "40-${cfg.bridge.name}" = {
matchConfig.Name = cfg.bridge.name; matchConfig.Name = cfg.bridge.name;
address = address = map (ip: ip.address) (cfg.ipv4 ++ cfg.ipv6);
[ dns = concatLists (map (ip: ip.dns) (cfg.ipv4 ++ cfg.ipv6));
cfg.ipv4.address
]
++ optionals cfg.enableIPv6 [
cfg.ipv6.address
"fc00::1/64"
];
dns = cfg.ipv4.dns ++ optionals cfg.enableIPv6 cfg.ipv6.dns;
networkConfig.LinkLocalAddressing = "no"; networkConfig.LinkLocalAddressing = "no";
linkConfig.RequiredForOnline = "routable"; linkConfig.RequiredForOnline = "routable";
routes = routes =
[ let
{ filteredRoutes = filter (ip: ip.gateway != null) (cfg.ipv4 ++ cfg.ipv6);
Gateway = cfg.ipv4.gateway; routes = map (x: {
GatewayOnLink = mkIf cfg.ipv4.gatewayOnLink true; Gateway = x.gateway;
} GatewayOnLink = x.gatewayOnLink;
] }) filteredRoutes;
++ optionals cfg.enableIPv6 [ in
{ routes;
Gateway = cfg.ipv6.gateway;
GatewayOnLink = mkIf cfg.ipv4.gatewayOnLink true;
}
];
}; };
}; };
}; };
system.activationScripts.udp-gro-forwarding = mkIf cfg.bridge.enable { system.activationScripts.udp-gro-forwarding = mkIf cfg.bridge.enable {
text = '' text = ''
${pkgs.ethtool}/bin/ethtool -K ${cfg.bridge.name} rx-udp-gro-forwarding on rx-gro-list off ${getExe pkgs.ethtool} -K ${cfg.bridge.name} rx-udp-gro-forwarding on rx-gro-list off
''; '';
}; };
}; };

32
modules/nixos/networking/networkmanager.nix Normal file
View File

@ -0,0 +1,32 @@
{ config, lib, ... }:
let
inherit (lib)
mkEnableOption
mkForce
mkIf
mkOption
;
inherit (lib.types) listOf package;
cfg = config.ataraxia.networkmanager;
in
{
options.ataraxia.networkmanager = {
enable = mkEnableOption "Enable NetworkManager";
plugins = mkOption {
type = listOf package;
default = [ ];
description = ''
List of NetworkManager plug-ins to enable.
'';
};
};
config = mkIf cfg.enable {
networking.networkmanager.enable = mkForce true;
networking.networkmanager.plugins = mkForce cfg.plugins;
persist.state.directories = [
"/etc/NetworkManager/system-connections"
];
};
}

79
modules/nixos/networking/sing-box.nix Normal file
View File

@ -0,0 +1,79 @@
{
config,
lib,
pkgs,
secretsDir,
...
}:
let
inherit (lib)
mkEnableOption
mkPackageOption
mkIf
mkOption
;
inherit (lib.types) str;
cfg = config.ataraxia.vpn.sing-box;
isNetworkd = config.networking.useNetworkd;
in
{
options.ataraxia.vpn.sing-box = {
enable = mkEnableOption "Enable sing-box proxy service";
package = mkPackageOption pkgs "sing-box" { };
config = mkOption {
type = str;
description = "Name of sing-box config in sops secret";
};
interfaceName = mkOption {
type = str;
default = "singtun0";
description = "Name of sing-box tunnel network interface";
};
};
config = mkIf cfg.enable {
sops.secrets.${cfg.config} = {
sopsFile = secretsDir + /proxy.yaml;
restartUnits = [ "sing-box.service" ];
mode = "0600";
};
environment.systemPackages = [ cfg.package ];
systemd.packages = [ cfg.package ];
systemd.services.sing-box = {
preStart = ''
umask 0007
mkdir -p ''${RUNTIME_DIRECTORY}
cp ${config.sops.secrets.${cfg.config}.path} ''${RUNTIME_DIRECTORY}/config.json
'';
serviceConfig = {
StateDirectory = "sing-box";
StateDirectoryMode = "0700";
RuntimeDirectory = "sing-box";
RuntimeDirectoryMode = "0700";
ExecStart = [
""
"${lib.getExe cfg.package} -D \${STATE_DIRECTORY} -C \${RUNTIME_DIRECTORY} run"
];
};
wantedBy = [ "multi-user.target" ];
};
networking.dhcpcd.denyInterfaces = [ cfg.interfaceName ];
systemd.network = {
wait-online.ignoredInterfaces = [ cfg.interfaceName ];
networks."50-singbox" = mkIf isNetworkd {
matchConfig = {
Name = cfg.interfaceName;
};
linkConfig = {
Unmanaged = true;
ActivationPolicy = "manual";
};
};
};
};
}

0
modules/nixos/vpn/tailscale.nix → modules/nixos/networking/tailscale.nix
View File

0
modules/nixos/lix/default.nix → modules/nixos/nix/lix.nix
View File

3
modules/nixos/nix/default.nix → modules/nixos/nix/nix.nix
View File

@ -2,6 +2,7 @@
config, config,
lib, lib,
inputs, inputs,
flake-nixpkgs,
flake-self, flake-self,
... ...
}: }:
@ -15,7 +16,7 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.etc.nixpkgs.source = config.nixpkgs.flake.source; environment.etc.nixpkgs.source = flake-nixpkgs.outPath;
environment.etc.self.source = flake-self.outPath; environment.etc.self.source = flake-self.outPath;
nix = { nix = {
channel.enable = false; channel.enable = false;

95
modules/nixos/persist/default.nix
View File

@ -7,20 +7,25 @@
let let
inherit (lib) inherit (lib)
escapeShellArg escapeShellArg
filterAttrs hasPrefix
mapAttrs hasSuffix
mapAttrs'
mkEnableOption mkEnableOption
mkDefault
mkIf mkIf
mkMerge
mkOption mkOption
nameValuePair optionalString
optionalAttrs
recursiveUpdate recursiveUpdate
unique
; ;
inherit (lib.types) listOf path str; inherit (lib.types) listOf path str;
inherit (builtins) concatMap; inherit (builtins) any concatMap filter;
cfg = config.persist; cfg = config.persist;
btrfs = config.ataraxia.filesystems.btrfs.mountpoints;
zfs = config.ataraxia.filesystems.zfs.mountpoints;
mountpoints = map (x: "${x}${optionalString (!(hasSuffix "/" x)) "/"}") (unique (btrfs ++ zfs));
subtractListsPrefix = a: filter (dir: !(any (pref: hasPrefix pref dir) a));
in in
{ {
imports = [ inputs.impermanence.nixosModules.impermanence ]; imports = [ inputs.impermanence.nixosModules.impermanence ];
@ -66,12 +71,6 @@ in
config = config =
let let
# TODO: fix infinite recursion (can't get user home directory)
# userPersists = lib.mapAttrs (name: cfg:
# cfg.persist // {
# home = config.users.users.${name}.home;
# }
# ) config.home-manager.users;
takeAll = what: concatMap (x: x.${what}); takeAll = what: concatMap (x: x.${what});
persists = with cfg; [ persists = with cfg; [
state state
@ -79,74 +78,30 @@ in
]; ];
allFiles = takeAll "files" persists; allFiles = takeAll "files" persists;
allDirectories = takeAll "directories" persists; allDirectories = takeAll "directories" persists;
# Remove btrfs + zfs mountpoints from list of dirs to persist
userPersists = mapAttrs (_: cfg: cfg.persist) ( filteredDirs = subtractListsPrefix mountpoints allDirectories;
{ } // optionalAttrs (builtins.hasAttr "home-manager" config) config.home-manager.users
);
usersFlatten = mapAttrs (
name: cfg:
let
persists = with cfg; [
state
cache
];
allHomeFiles = takeAll "files" persists;
allHomeDirectories = takeAll "directories" persists;
in
{
home = "/home/${name}";
directories = allHomeDirectories;
files = allHomeFiles;
}
) userPersists;
in in
mkIf cfg.enable { mkIf cfg.enable {
environment.persistence.${cfg.persistRoot} = { environment.persistence.${cfg.persistRoot} = {
hideMounts = true; hideMounts = true;
directories = allDirectories; directories = filteredDirs;
files = allFiles; files = allFiles;
users = usersFlatten; # users = usersFlatten;
}; };
systemd.services = programs.fuse.userAllowOther = mkDefault true;
let
filtered = filterAttrs (_: cfg: cfg.cache.clean.enable) userPersists;
in
mkMerge [
(mapAttrs' (
name: cfg:
let
absoluteHomePath = map (x: "/home/${name}/${x}");
in
nameValuePair "persist-cache-cleanup-${name}" {
description = "Cleaning up cache files and directories for user ${name}";
script = ''
${builtins.concatStringsSep "\n" (
map (x: "rm ${escapeShellArg x}") (absoluteHomePath cfg.cache.files)
)}
${builtins.concatStringsSep "\n" ( systemd.services.persist-cache-cleanup = mkIf cfg.cache.clean.enable {
map (x: "rm -rf ${escapeShellArg x}") (absoluteHomePath cfg.cache.directories) description = "Cleaning up cache files and directories";
)} script = ''
''; ${builtins.concatStringsSep "\n" (map (x: "rm ${escapeShellArg x}") cfg.cache.files)}
startAt = cfg.cache.clean.dates;
}
) filtered)
{
persist-cache-cleanup = mkIf cfg.cache.clean.enable {
description = "Cleaning up cache files and directories";
script = ''
${builtins.concatStringsSep "\n" (map (x: "rm ${escapeShellArg x}") cfg.cache.files)}
${builtins.concatStringsSep "\n" (map (x: "rm -rf ${escapeShellArg x}") cfg.cache.directories)} ${builtins.concatStringsSep "\n" (map (x: "rm -rf ${escapeShellArg x}") cfg.cache.directories)}
''; '';
startAt = cfg.cache.clean.dates; startAt = cfg.cache.clean.dates;
}; };
}
];
fileSystems.${cfg.persistRoot}.neededForBoot = true; fileSystems.${cfg.persistRoot}.neededForBoot = true;
# TODO: disable some dirs if using zfs
# Persist by default # Persist by default
persist.cache.directories = [ persist.cache.directories = [
"/var/cache" "/var/cache"

7
modules/nixos/profiles/default.nix
View File

@ -1,7 +0,0 @@
{ ... }:
{
imports = [
./hardened.nix
./minimal.nix
];
}

2
modules/nixos/profiles/minimal.nix
View File

@ -36,6 +36,8 @@ in
stub-ld.enable = mkDefault false; stub-ld.enable = mkDefault false;
}; };
fonts.enableDefaultPackages = false;
programs = { programs = {
# The lessopen package pulls in Perl. # The lessopen package pulls in Perl.
less.lessopen = mkDefault null; less.lessopen = mkDefault null;

45
modules/nixos/roles/default.nix
View File

@ -1,6 +1,8 @@
{ {
config, config,
lib, lib,
pkgs,
inputs,
... ...
}: }:
let let
@ -31,19 +33,28 @@ in
}; };
}; };
imports = [ inputs.nix-index-database.nixosModules.nix-index ];
config = config =
let let
baseRole = { baseRole = {
ataraxia.defaults.boot.enable = mkDefault true;
ataraxia.defaults.hardware.enable = mkDefault true;
ataraxia.defaults.locale.enable = mkDefault true; ataraxia.defaults.locale.enable = mkDefault true;
ataraxia.defaults.lix.enable = mkDefault true; ataraxia.defaults.lix.enable = mkDefault true;
ataraxia.defaults.nix.enable = mkDefault true; ataraxia.defaults.nix.enable = mkDefault true;
ataraxia.defaults.ssh.enable = mkDefault true; ataraxia.defaults.ssh.enable = mkDefault true;
ataraxia.defaults.users.enable = mkDefault true; ataraxia.defaults.users.enable = mkDefault true;
programs.nix-index.enable = mkDefault true;
programs.nix-index-database.comma.enable = mkDefault true;
persist.enable = mkDefault true; persist.enable = mkDefault true;
persist.cache.clean.enable = mkDefault true;
# Do not compress journal logs if using native fs compression # Do not compress journal logs if using native fs compression
services.journald.extraConfig = mkIf fsCompression (mkDefault "Compress=false"); services.journald.extraConfig = mkIf fsCompression (mkDefault "Compress=false");
services.speechd.enable = false;
boot.initrd.systemd.enable = mkDefault true; boot.initrd.systemd.enable = mkDefault true;
services.userborn.enable = mkDefault true; services.userborn.enable = mkDefault true;
@ -52,10 +63,22 @@ in
system.etc.overlay.enable = mkDefault true; system.etc.overlay.enable = mkDefault true;
system.etc.overlay.mutable = mkDefault true; system.etc.overlay.mutable = mkDefault true;
systemd.services.systemd-timesyncd.wantedBy = [
"multi-user.target"
];
systemd.timers.systemd-timesyncd = {
timerConfig.OnCalendar = "hourly";
};
environment.systemPackages = with pkgs; [
git
];
zramSwap = { zramSwap = {
enable = true; enable = true;
algorithm = "zstd"; algorithm = "zstd";
memoryPercent = 100; priority = mkDefault 100;
memoryPercent = mkDefault 50;
}; };
}; };
serverRole = recursiveUpdate baseRole { serverRole = recursiveUpdate baseRole {
@ -63,14 +86,32 @@ in
ataraxia.profiles.minimal = mkDefault true; ataraxia.profiles.minimal = mkDefault true;
time.timeZone = "Etc/UTC"; time.timeZone = "Etc/UTC";
zramSwap.memoryPercent = 100;
}; };
desktopRole = recursiveUpdate baseRole { desktopRole = recursiveUpdate baseRole {
services.getty.autologinUser = defaultUser; ataraxia.defaults.hardware.graphics = mkDefault true;
ataraxia.defaults.sound.enable = mkDefault true;
ataraxia.wayland.enable = mkDefault true;
ataraxia.wayland.hyprland.enable = mkDefault true;
services.gvfs.enable = mkDefault true;
# saved space, but you need to recompile gvfs
services.gvfs.package = (
pkgs.gnome.gvfs.override {
samba = null;
gnomeSupport = false;
}
);
services.getty.autologinUser = mkDefault defaultUser;
location = { location = {
provider = "manual"; provider = "manual";
latitude = 48; latitude = 48;
longitude = 44; longitude = 44;
}; };
zramSwap.memoryPercent = 150;
}; };
in in
mkMerge [ mkMerge [

0
modules/nixos/ssh/default.nix → modules/nixos/services/ssh.nix
View File

10
modules/nixos/user/default.nix
View File

@ -5,7 +5,11 @@
... ...
}: }:
let let
inherit (lib) mkIf mkEnableOption mkOption; inherit (lib)
mkIf
mkEnableOption
mkOption
;
inherit (lib.types) str; inherit (lib.types) str;
cfg = config.ataraxia.defaults.users; cfg = config.ataraxia.defaults.users;
in in
@ -51,7 +55,7 @@ in
]; ];
uid = 1000; uid = 1000;
hashedPassword = "$y$j9T$ZC44T3XYOPapB26cyPsA4.$8wlYEbwXFszC9nrg0vafqBZFLMPabXdhnzlT3DhUit6"; hashedPassword = "$y$j9T$ZC44T3XYOPapB26cyPsA4.$8wlYEbwXFszC9nrg0vafqBZFLMPabXdhnzlT3DhUit6";
shell = pkgs.bashInteractive; shell = pkgs.zsh;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+xd8ClJPvJuAdYC9HlNnjiubEtYfvnKjYr9ROV+UmPVvI3ZITF24OaMI+fxgR0EqGfcUzSGom8528IB53Q3aFMIAaA0vKjW+jrByyB2l/k/+ttpLbH75c9WyOpAcUDTen8BhHKPyXOHoJ1jLu7GFmtPZ+mZo8thFB/VIRrwECHd8DnF0drsSCorkRp1bZC7bAHgztaYHNBUoAVGgJ7nLwW7DotlgbUEDiPJHXOxd/c/ZlXIB/cfUUqF+L5ThbMPhMcwRMspLy+nQdmHhih9k6SkvYqJoNqHT5/XeShb0RkIzvUWT2CYTPop5kAY5mMnatVTOY1FZPhHzk3G8MhOQ3r/elM/ecZxmjL8uozMN9kRGf1IL4DgQZfVqQRILdNSQGb0tfeiyirNZe1RlDw9UvMnZJOw0EkiC9lSSRhBWXXxAmxRrbNFTPQSp+/kiIGDmp2AsGhD11CfTDEU3wcLEUPBUqp1FYSzHncJyEKGy2Dpa5xaUJ0cuyGL4W3WHDXa4sTfY+AIXbQTD88Ujdsbfzyd6lrikG4D/crCurXissrh7q9DuYKWRI24cp5bw9lG33U1EXisnZqFyZNwMAmSj2QEGsHCwSevn0FgyRa2WYXgpZ9hfgY4le+ZSMo2JTosQ6DjGyxMDyQAHJ/ismTTzL67Q2p6U+73toYm62Qqdspw== (none)" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+xd8ClJPvJuAdYC9HlNnjiubEtYfvnKjYr9ROV+UmPVvI3ZITF24OaMI+fxgR0EqGfcUzSGom8528IB53Q3aFMIAaA0vKjW+jrByyB2l/k/+ttpLbH75c9WyOpAcUDTen8BhHKPyXOHoJ1jLu7GFmtPZ+mZo8thFB/VIRrwECHd8DnF0drsSCorkRp1bZC7bAHgztaYHNBUoAVGgJ7nLwW7DotlgbUEDiPJHXOxd/c/ZlXIB/cfUUqF+L5ThbMPhMcwRMspLy+nQdmHhih9k6SkvYqJoNqHT5/XeShb0RkIzvUWT2CYTPop5kAY5mMnatVTOY1FZPhHzk3G8MhOQ3r/elM/ecZxmjL8uozMN9kRGf1IL4DgQZfVqQRILdNSQGb0tfeiyirNZe1RlDw9UvMnZJOw0EkiC9lSSRhBWXXxAmxRrbNFTPQSp+/kiIGDmp2AsGhD11CfTDEU3wcLEUPBUqp1FYSzHncJyEKGy2Dpa5xaUJ0cuyGL4W3WHDXa4sTfY+AIXbQTD88Ujdsbfzyd6lrikG4D/crCurXissrh7q9DuYKWRI24cp5bw9lG33U1EXisnZqFyZNwMAmSj2QEGsHCwSevn0FgyRa2WYXgpZ9hfgY4le+ZSMo2JTosQ6DjGyxMDyQAHJ/ismTTzL67Q2p6U+73toYm62Qqdspw== (none)"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDP0/DReYSAfkucroMTdELzTORsGhhbEa+W0FDFBnwViHuoqoKvetCOkW657icexc5v/j6Ghy3+Li9twbHnEDzUJVtNtauhGMjOcUYt6pTbeJ09CGSAh+orxzeY4vXp7ANb91xW8yRn/EE4ALxqbLsc/D7TUMl11fmf0UW+kLgU5TcUYVSLMjQqBpD1Lo7lXLrImloDxe5fwoBDT09E59r9tq6+/3aHz8mpKRLsIQIV0Av00BRJ+/OVmZuBd9WS35rfkpUYmpEVInSJy3G4O6kCvY/zc9Bnh67l4kALZZ0+6W23kBGrzaRfaOtCEcscwfIu+6GXiHOL33rrMNNinF0T2942jGc18feL6P/LZCzqz8bGdFNxT43jAGPeDDcrJEWAJZFO3vVTP65dTRTHQG2KlQMzS7tcif6YUlY2JLJIb61ZfLoShH/ini/tqsGT0Be1f3ndOFt48h4XMW1oIF+EXaHYeO2UJ6855m8Wpxs4bP/jX6vMV38IvvnHy4tWD50= alukard@AMD-Workstation" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDP0/DReYSAfkucroMTdELzTORsGhhbEa+W0FDFBnwViHuoqoKvetCOkW657icexc5v/j6Ghy3+Li9twbHnEDzUJVtNtauhGMjOcUYt6pTbeJ09CGSAh+orxzeY4vXp7ANb91xW8yRn/EE4ALxqbLsc/D7TUMl11fmf0UW+kLgU5TcUYVSLMjQqBpD1Lo7lXLrImloDxe5fwoBDT09E59r9tq6+/3aHz8mpKRLsIQIV0Av00BRJ+/OVmZuBd9WS35rfkpUYmpEVInSJy3G4O6kCvY/zc9Bnh67l4kALZZ0+6W23kBGrzaRfaOtCEcscwfIu+6GXiHOL33rrMNNinF0T2942jGc18feL6P/LZCzqz8bGdFNxT43jAGPeDDcrJEWAJZFO3vVTP65dTRTHQG2KlQMzS7tcif6YUlY2JLJIb61ZfLoShH/ini/tqsGT0Be1f3ndOFt48h4XMW1oIF+EXaHYeO2UJ6855m8Wpxs4bP/jX6vMV38IvvnHy4tWD50= alukard@AMD-Workstation"
@ -104,5 +108,7 @@ in
} }
]; ];
}; };
programs.zsh.enable = true;
}; };
} }

4
modules/nixos/vpn/default.nix
View File

@ -1,4 +0,0 @@
{ ... }:
{
imports = [ ./tailscale.nix ];
}

40
modules/nixos/workspace/wayland.nix Normal file
View File

@ -0,0 +1,40 @@
{ config, lib, ... }:
let
inherit (builtins) hasAttr;
inherit (lib) getExe mkEnableOption mkIf;
cfg = config.ataraxia.wayland;
defaultUser = config.ataraxia.defaults.users.defaultUser;
session = {
command = "${getExe config.programs.uwsm.package} start hyprland-uwsm.desktop";
user = defaultUser;
};
in
{
options.ataraxia.wayland = {
enable = mkEnableOption "Enable wayland with compositor and other components";
hyprland.enable = mkEnableOption "Enable hyprland compositor";
};
config = mkIf cfg.enable {
programs.hyprland = mkIf cfg.hyprland.enable {
enable = true;
withUWSM = true;
};
services.greetd = {
enable = true;
settings = {
terminal.vt = 1;
default_session = session;
initial_session = session;
};
};
home-manager = mkIf (hasAttr "users" config.home-manager) {
users.${defaultUser} = {
ataraxia.wayland.hyprland.enable = cfg.hyprland.enable;
};
};
};
}

89
overlays/default.nix
View File

@ -1,8 +1,7 @@
inputs: final: prev: inputs: final: prev:
let let
inherit inputs;
inherit (prev.hostPlatform) system; inherit (prev.hostPlatform) system;
master = import inputs.nixpkgs-master { unstable = import inputs.nixpkgs-unstable {
config = { config = {
allowUnfree = true; allowUnfree = true;
}; };
@ -13,37 +12,62 @@ in
# attic-client = inputs.attic.packages.${system}.attic; # attic-client = inputs.attic.packages.${system}.attic;
# attic-server = inputs.attic.packages.${system}.attic-server; # attic-server = inputs.attic.packages.${system}.attic-server;
# cassowary-py = inputs.cassowary.packages.${system}.cassowary; # cassowary-py = inputs.cassowary.packages.${system}.cassowary;
heroic = (prev.heroic.override { extraPkgs = [ final.umu-launcher ]; }); hyprlandUnstable = unstable.hyprland;
hyprlandPortalUnstable = unstable.xdg-desktop-portal-hyprland;
intel-vaapi-driver = prev.intel-vaapi-driver.override { enableHybridCodec = true; }; intel-vaapi-driver = prev.intel-vaapi-driver.override { enableHybridCodec = true; };
mesaUnstable = unstable.mesa;
mesaUnstablei686 = unstable.driversi686Linux.mesa;
# nix-alien = inputs.nix-alien.packages.${system}.nix-alien; # nix-alien = inputs.nix-alien.packages.${system}.nix-alien;
# nix-direnv = inputs.nix-direnv.packages.${system}.default.override { nix = final.nix; }; # nix-direnv = inputs.nix-direnv.packages.${system}.default.override { nix = final.nix; };
# nix-fast-build = inputs.nix-fast-build.packages.${system}.default; # nix-fast-build = inputs.nix-fast-build.packages.${system}.default;
# nix-index-update = inputs.nix-alien.packages.${system}.nix-index-update; # nix-index-update = inputs.nix-alien.packages.${system}.nix-index-update;
osu-lazer = master.osu-lazer; osu-lazer = unstable.osu-lazer;
osu-lazer-bin = master.osu-lazer-bin; osu-lazer-bin = unstable.osu-lazer-bin;
# prismlauncher = inputs.prismlauncher.packages.${system}.prismlauncher.override { # prismlauncher = inputs.prismlauncher.packages.${system}.prismlauncher.override {
# jdks = [ final.temurin-bin ]; # jdks = [ final.temurin-bin ];
# }; # };
xray = master.xray; proton-ge-bin = unstable.proton-ge-bin;
xray = unstable.xray;
# youtube-to-mpv = prev.callPackage ./packages/youtube-to-mpv.nix { term = config.defaultApplications.term.cmd; }; # youtube-to-mpv = prev.callPackage ./packages/youtube-to-mpv.nix { term = config.defaultApplications.term.cmd; };
# yt-archivist = prev.callPackage ./packages/yt-archivist { }; # yt-archivist = prev.callPackage ./packages/yt-archivist { };
yt-dlp = master.yt-dlp; yt-dlp = unstable.yt-dlp;
sing-box = master.sing-box; sing-box = unstable.sing-box;
steam = prev.steam.override {
extraPkgs =
pkgs:
builtins.attrValues {
inherit (pkgs)
mono
libkrb5
keyutils
;
};
};
wine = prev.wineWow64Packages.stagingFull; wine = prev.wineWow64Packages.stagingFull;
# Patch spotify with spotx
spotify = prev.spotify.overrideAttrs (
oa:
let
spotx = prev.fetchurl {
url = "https://raw.githubusercontent.com/SpotX-Official/SpotX-Bash/b1de24ec4c23c45da373dcb64a44e372253a0c16/spotx.sh";
hash = "sha256-/p6cJKzaZzjcLJISFudstQjs+lPXnXx4f0vxKbF9Sqw=";
};
in
{
nativeBuildInputs =
oa.nativeBuildInputs
++ (with prev; [
perl
unzip
util-linux
zip
]);
postUnpack =
oa.postUnpack or ""
+ ''
patchShebangs --build ${spotx}
'';
postInstall =
oa.postInstall or ""
+ ''
bash ${spotx} -f -h -P "$out/share/spotify"
'';
}
);
# Move modprobed config to subdir. Easier to use with impermanence # Move modprobed config to subdir. Easier to use with impermanence
modprobed-db = prev.modprobed-db.overrideAttrs (oa: { modprobed-db = prev.modprobed-db.overrideAttrs (oa: {
nativeBuildInputs = [ prev.makeWrapper ] ++ oa.nativeBuildInputs or [ ];
postPatch = postPatch =
(oa.postPatch or "") (oa.postPatch or "")
+ '' + ''
@ -52,19 +76,24 @@ in
substituteInPlace ./common/modprobed-db.skel \ substituteInPlace ./common/modprobed-db.skel \
--replace-fail "/.config" "/.config/modprobed-db" --replace-fail "/.config" "/.config/modprobed-db"
''; '';
postInstall =
(oa.postInstall or "")
+ ''
wrapProgram $out/bin/modprobed-db \
--set PATH ${
with final;
lib.makeBinPath [
gawk
getent
coreutils
gnugrep
gnused
kmod
]
}
'';
}); });
# TODO: remove after ver > v0.47.2
hyprland =
if prev.hyprland.version == "0.47.2" then
(prev.hyprland.overrideAttrs (oa: {
patches = (oa.patches or [ ]) ++ [
./patches/hyprland-tablet.patch
];
}))
else
prev.hyprland;
pass-secret-service = prev.pass-secret-service.overrideAttrs (_: { pass-secret-service = prev.pass-secret-service.overrideAttrs (_: {
installCheckPhase = null; installCheckPhase = null;
postInstall = '' postInstall = ''

14
secrets/blueshift/marzban.env Normal file
View File

@ -0,0 +1,14 @@
SUDO_USERNAME=ENC[AES256_GCM,data:4QMSmmaPB10=,iv:KveMQ+EdfltGzQRRA+cm1MaRlsLypOhlWHdCumHLQS4=,tag:v30WjSutCxO9LDv3wFZHMA==,type:str]
SUDO_PASSWORD=ENC[AES256_GCM,data:IPJGUQiB6jMObUsUdw==,iv:N9cw9aGkmgIYmmrNkQYQ5PFdrmYKC8Tdgr4yb/96U5A=,tag:/yYIC/rKCttSgBBGvjCe2A==,type:str]
#ENC[AES256_GCM,data:P0rsl7K5MZceskgE/JrUlB7vTlKh0kP5Al1lH1CBUZKeVVGdbfW/VOy6CkNo8QuOUQqkzWocH0TNKzSEBw8et6s=,iv:uxHc50I95zeI/jkC60HOfzgftDBxdQM1/wqb8emrTSc=,tag:JaeHm9KAbh/KS+TIRrfWlw==,type:comment]
#ENC[AES256_GCM,data:u8NnWvULwXIg0mqTlPoOlpBgWn6LU+zsrd4P,iv:MxUYe7rI7u98wnKD1ichiYeTw/o5+E2c+22qTXRZTSI=,tag:DgkxQNi6EItuRl+av6rH3Q==,type:comment]
SQLALCHEMY_DATABASE_URL=ENC[AES256_GCM,data:bQJGB/c/pTuAPev2zxcLu1cNg2TmlHH9iY2kQH4qfqRwh/Fcjg==,iv:CeQZ8qcNLiVgtGI/4Egod6VaXamCfAKHi4jrgzXKl9Q=,tag:VX0J3r6RjnS5utJ/UDK1hQ==,type:str]
XRAY_JSON=ENC[AES256_GCM,data:28Wkv4CG4hpG9h51d2ge3AUO2MdVuRBjPuw1bxFwYqhT,iv:MooWqI5QCmk0JXWdKxA40UIFaaIxG3EakMQ1jBH8TVI=,tag:Fmnqdg9mvRVvm/0O7VNFGw==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6SnM1bjFKWWVjZzNCVmtj\nZkh0RTRaMlRGak1NNS9lOHFzTUR4NDZzSlZvCkRJYVVrT3Y5M0dES2ZSRkFndzZT\nTjc3bVllQXVRNm50ZDRyeEdOd1BDSmMKLS0tIGRhL2dRUG9QYkV6MFg0S1ZxVmNO\nclBGSlVZWDFqd3dzbCtvdWhhN1JFem8KSmlLbHgadYP7UJS/3xS+6IzI5QoNo82G\nLwzK4mYntl6OyAf06d1h+FfICpJYZDm3oQ1ClekztahnoRcbGPdxCA==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age13phpsegg6vu7a34ydtfa9s904dfpgzqhzru7epnky7glezk0xvkst9qh6h
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFamtySkR0ZUlGUWdLMjNN\nL2JHc0lxQnBLNitjWkhiUzNUWEJiYTZsVEZZClNLRjhoUEo3dmFoaCt2cnhIcDZ5\nRU52a2ptekV5SnhjcUZGOUEwM2lyR2MKLS0tIFQ5c1BvSHJjaW8zc0svZ0hwQWxj\nNnFocGZPMHh5TUlteFhhaUdON1dkUVkKtPis8qNF+6/Ah/o/loIjC00ZK8bCL67I\nLHgm+KU7DhVlvtr6eRpcj2OsSdc7sjT+ZqXwDG8WVaAAt/2SlTuEnA==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age186qkn94ck9lz0nmx57m37jwgwws5pgcs40q8d8uaetytz4gp6p9qlftp5x
sops_lastmodified=2024-02-27T16:26:33Z
sops_mac=ENC[AES256_GCM,data:bWpVRMOaYvvOFMWksVXSPWmG5l/XDCSnnLovuf1cgn98yabzbYheBchhb3sgM3PWG2P/NwnxM3krVPdUMJ7vQVMp5uAph53rVRdmgUDXAEaRGkRzR4nAIi8eDKc1C/a+ifxNjsi2VOS0+rSdWOtUa1jdQx23tvACz1NXGw3G7SI=,iv:s6vfppM8PRA+ryzMvDSklH7HwgbDjCyK0/QHp+/2UNs=,tag:OwtdXGrP9XAREPbvbxqWUw==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.8.1

28
secrets/blueshift/nginx.yaml Normal file
View File

File diff suppressed because one or more lines are too long

47
secrets/proxy.yaml Normal file
View File

File diff suppressed because one or more lines are too long

6
secrets/redshift/marzban.env
View File

@ -4,9 +4,9 @@ SUDO_PASSWORD=ENC[AES256_GCM,data:IPJGUQiB6jMObUsUdw==,iv:N9cw9aGkmgIYmmrNkQYQ5P
#ENC[AES256_GCM,data:u8NnWvULwXIg0mqTlPoOlpBgWn6LU+zsrd4P,iv:MxUYe7rI7u98wnKD1ichiYeTw/o5+E2c+22qTXRZTSI=,tag:DgkxQNi6EItuRl+av6rH3Q==,type:comment] #ENC[AES256_GCM,data:u8NnWvULwXIg0mqTlPoOlpBgWn6LU+zsrd4P,iv:MxUYe7rI7u98wnKD1ichiYeTw/o5+E2c+22qTXRZTSI=,tag:DgkxQNi6EItuRl+av6rH3Q==,type:comment]
SQLALCHEMY_DATABASE_URL=ENC[AES256_GCM,data:bQJGB/c/pTuAPev2zxcLu1cNg2TmlHH9iY2kQH4qfqRwh/Fcjg==,iv:CeQZ8qcNLiVgtGI/4Egod6VaXamCfAKHi4jrgzXKl9Q=,tag:VX0J3r6RjnS5utJ/UDK1hQ==,type:str] SQLALCHEMY_DATABASE_URL=ENC[AES256_GCM,data:bQJGB/c/pTuAPev2zxcLu1cNg2TmlHH9iY2kQH4qfqRwh/Fcjg==,iv:CeQZ8qcNLiVgtGI/4Egod6VaXamCfAKHi4jrgzXKl9Q=,tag:VX0J3r6RjnS5utJ/UDK1hQ==,type:str]
XRAY_JSON=ENC[AES256_GCM,data:28Wkv4CG4hpG9h51d2ge3AUO2MdVuRBjPuw1bxFwYqhT,iv:MooWqI5QCmk0JXWdKxA40UIFaaIxG3EakMQ1jBH8TVI=,tag:Fmnqdg9mvRVvm/0O7VNFGw==,type:str] XRAY_JSON=ENC[AES256_GCM,data:28Wkv4CG4hpG9h51d2ge3AUO2MdVuRBjPuw1bxFwYqhT,iv:MooWqI5QCmk0JXWdKxA40UIFaaIxG3EakMQ1jBH8TVI=,tag:Fmnqdg9mvRVvm/0O7VNFGw==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxV1VPQ2V5WjltK0JDUXhU\nWENHRUxFS0M1RjJjekNYeHlSSlhmNmE4eEUwCnpMWStLd1B6Q29DWTJLbURGdTJk\ndHY0RHFRRmFEaFNpOUxROTVWK0V6UmsKLS0tIEI0blZ1SlhBV3lpdGlGTWtWd3F1\nK0hNQjFDMG1sTWJCNFp1OE1kdlpydHcKzjus65hl6IVKdgS18xY20dgG+Blm15NE\nwf31QfHahDdY4r8DviX2/algiELvbTWNBicDOjvoiyhItPRX+9nN3Q==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGR25JZ3ZjQjNRTTEwd2pC\nUkVVM1lNMEhXQzMxc3JqRXlDNXQzZGZHWEVRCktXN1VWbGtzSXBLbHdVWUFQZkU4\ndE5QZkE3dEpVS1NtUUU0MkNtcXNMLzgKLS0tIDhqUm1xaGVFbyt4WHdFRGlOaWZz\nbDVqeDRZU08wU2xVMm8xUFNQY1QzMncKt8Diaxil0Fvar+zjh9mVF1Wi8I2sMslg\nSn61U0uqzN2T5Nw2gAocb1YmC0N3PNVOVDZrNvvqC8i+EUhf0rwSGg==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1n0prg9vynuwc56gn0xfe5qde8wqcd4uzg5ghhhetu2024ckvjyvqxf49el sops_age__list_0__map_recipient=age13phpsegg6vu7a34ydtfa9s904dfpgzqhzru7epnky7glezk0xvkst9qh6h
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUbmlBd3FJcjMyVldhL3BG\nc2s3YnlCenRNdXJ2VVlnU0lTZUU3MUh1TVZFClArSlM5Ylhya2JHT3RQQkZFRXVH\nblgwR0dJdmdOTUxsZERBc3pYbld0NncKLS0tIGc3bTdxbGg5cGdYYThwMkR2RlRF\ndTlNWGhoeXBueVZtbjdYS2JCVVpwSmsKzujU4pXFhI3Sa4TSYZRgkMpOqdKN7+jT\nTi8zqO0oRQAMnIAq+AYiMDIgi/ngiAxo5HeTIM2wZ7oRX6XsPZKH/w==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiOGl5L3VacGpoWlJDVzV4\nY3ZRaEFsZzhlTWlTQW9hbHQzWGgwQkZSeEZZCmNvUVdBNE1yOVAwS1RraXUwRmZT\nZXRCL1VXVVNHWlh5MG5mREVOa0dFT00KLS0tIHFhSlJmWnFKRGNkaVVMaFpBZE51\ncndPdGlNTkZwbG1EckxOSG42cDdXV1UKgILv8iRO0v3QA8EYxw61Jleg4RI+HP1o\ng8yphKIzzqIBuXm/DlSZJyembysmrT/AgWzWhkSxyslNCi+uQfdabw==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age1d4mqql020mpne9r3vtt4l9ywfzfq7zpa3mad33syxln2kldkjsxqgju90f sops_age__list_1__map_recipient=age1d4mqql020mpne9r3vtt4l9ywfzfq7zpa3mad33syxln2kldkjsxqgju90f
sops_lastmodified=2024-02-27T16:26:33Z sops_lastmodified=2024-02-27T16:26:33Z
sops_mac=ENC[AES256_GCM,data:bWpVRMOaYvvOFMWksVXSPWmG5l/XDCSnnLovuf1cgn98yabzbYheBchhb3sgM3PWG2P/NwnxM3krVPdUMJ7vQVMp5uAph53rVRdmgUDXAEaRGkRzR4nAIi8eDKc1C/a+ifxNjsi2VOS0+rSdWOtUa1jdQx23tvACz1NXGw3G7SI=,iv:s6vfppM8PRA+ryzMvDSklH7HwgbDjCyK0/QHp+/2UNs=,tag:OwtdXGrP9XAREPbvbxqWUw==,type:str] sops_mac=ENC[AES256_GCM,data:bWpVRMOaYvvOFMWksVXSPWmG5l/XDCSnnLovuf1cgn98yabzbYheBchhb3sgM3PWG2P/NwnxM3krVPdUMJ7vQVMp5uAph53rVRdmgUDXAEaRGkRzR4nAIi8eDKc1C/a+ifxNjsi2VOS0+rSdWOtUa1jdQx23tvACz1NXGw3G7SI=,iv:s6vfppM8PRA+ryzMvDSklH7HwgbDjCyK0/QHp+/2UNs=,tag:OwtdXGrP9XAREPbvbxqWUw==,type:str]

27
secrets/redshift/nginx.yaml
View File

File diff suppressed because one or more lines are too long

45
secrets/rustic.yaml
View File

@ -9,31 +9,44 @@ rustic-minio-secret-key: ENC[AES256_GCM,data:Jkn0mHcLFWS/euPCYtEF3hXN4Jx8PHZHA3R
rclone-s3-sync: ENC[AES256_GCM,data:oBDntYhuThzmImRgpBSsgqDwXs4+wJxAOZKH3vlKfH+9CXYNI1ks92t8Ywr/wltikvXiVbKuztY7Iuqe4Mkl0K9onYYcmrMDqyuLXRV/WPXNaAwyOyFUS17dxcqoyG51T0zzb1l4LH+GTrLw7m7RD7y7XFU/uidAUuBnQHAQpu8xRI/5PLcSaae+KfmoJGpZBX4BawXMHzRKKo462Muw/1FbBQpC0ERvTd34oSke32+Ni3MNdg/nOVyczYIQ+TPNhtgiSNXFJFPaXWMrIh29jhyJv7M2k4nYzNzb3A2miGCxWRDNy7bxZTDeVLgJUZT3KJNyb8BGLhu2v54WSbm01I1pP+//xYSZI0JER4fCZpdGodr2TV6u7YOyVxa1pZ7C7O9T/dd2O9NbgQY1Azc9MhiIXZnT58j72SNvhDNtCloM50R0LYmagCj2alP3Z4W7L+BdtaU58hWFCM2P8EIYbPkz8wK4/i1XARvZU9i+cRWZCoKi+yi0cV2yKOYlFEW0RmO9G3rC6a31YITwfpHhQw9IFuZXwdwZdf4OIuw12BIXfeUQJWqIl4QRSnOSzCggSZngwhoq/r46Oh2Jn9xXuVO6Hlod8pGyxKovO9bGQl3ioIU/KAhKp88k/BDS7YM4HhAEPNjvsSZgRGf21G7Z4ypi6a2grMTGgIKbOA3KEe2CKrSEVq7JRF5m1uAPJ2zrgbBrSwI0qkhGfn+SERMVtyzkIvTQkEQJ/g==,iv:jWhHLIccl1Pgr55xEMd2ED8FS3pvRjnuugMJ0sHnuW4=,tag:upgyBz2AA2zhidFIkcVrpw==,type:str] rclone-s3-sync: ENC[AES256_GCM,data:oBDntYhuThzmImRgpBSsgqDwXs4+wJxAOZKH3vlKfH+9CXYNI1ks92t8Ywr/wltikvXiVbKuztY7Iuqe4Mkl0K9onYYcmrMDqyuLXRV/WPXNaAwyOyFUS17dxcqoyG51T0zzb1l4LH+GTrLw7m7RD7y7XFU/uidAUuBnQHAQpu8xRI/5PLcSaae+KfmoJGpZBX4BawXMHzRKKo462Muw/1FbBQpC0ERvTd34oSke32+Ni3MNdg/nOVyczYIQ+TPNhtgiSNXFJFPaXWMrIh29jhyJv7M2k4nYzNzb3A2miGCxWRDNy7bxZTDeVLgJUZT3KJNyb8BGLhu2v54WSbm01I1pP+//xYSZI0JER4fCZpdGodr2TV6u7YOyVxa1pZ7C7O9T/dd2O9NbgQY1Azc9MhiIXZnT58j72SNvhDNtCloM50R0LYmagCj2alP3Z4W7L+BdtaU58hWFCM2P8EIYbPkz8wK4/i1XARvZU9i+cRWZCoKi+yi0cV2yKOYlFEW0RmO9G3rC6a31YITwfpHhQw9IFuZXwdwZdf4OIuw12BIXfeUQJWqIl4QRSnOSzCggSZngwhoq/r46Oh2Jn9xXuVO6Hlod8pGyxKovO9bGQl3ioIU/KAhKp88k/BDS7YM4HhAEPNjvsSZgRGf21G7Z4ypi6a2grMTGgIKbOA3KEe2CKrSEVq7JRF5m1uAPJ2zrgbBrSwI0qkhGfn+SERMVtyzkIvTQkEQJ/g==,iv:jWhHLIccl1Pgr55xEMd2ED8FS3pvRjnuugMJ0sHnuW4=,tag:upgyBz2AA2zhidFIkcVrpw==,type:str]
sops: sops:
shamir_threshold: 1 shamir_threshold: 1
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1n0prg9vynuwc56gn0xfe5qde8wqcd4uzg5ghhhetu2024ckvjyvqxf49el - recipient: age13phpsegg6vu7a34ydtfa9s904dfpgzqhzru7epnky7glezk0xvkst9qh6h
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxeWJOVEFXTXJrcGYyWWlp YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQWmZKOUMzdUttMjNhMDdn
TkxrTmpNanR5QmVaYUlKV1JXYnh0L0ViRmdvCmtTR3hUUExkejBkcVNuYUpqRjdZ Rzdvek1vaEFPTWI2V1NjbllQYW1WMDltdWlnCkFuMmlJVmhsZGpMMThFSnB5NHZR
dlQ4SkRyL2txM2FSK201SU9adUQ2NUEKLS0tIDN0eDRLZGZWMnFUQWFjZnpjWk9J UGFHMjNrcXNVRXlZNmhMNzZIQ2dRZDQKLS0tIHlYRGlycWpwZDZpWXB4QkJaZHhK
VjBGTVZpYm1kOWw0aGlNaURvb2Q0aVUKPZ2BkHEWV1qsOcEIvF6iiLV0ZSJ7kGT3 d0prY25HUWpkcW5ieVFXR0dLV29ReVEK1AbWCfgR5To43PXD/KUn2X4SFe/Wz18d
B7LZx44DUIFuwEXzmnzKf6BkdFNpCqSqWODxTYHm3UcHU2qshux+0g== p40f6D56CKxmi9pb3lQriTipsxVqTXq/U1oDZP3YoeLWfxL4IHCSZA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1kj70enq8ynqdnl04l5d0v43vcn0de0snn732wfxdxrgxhp72myeq93e9ts
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3SVIwR1czazExOXN6Mkoz
TzRUT3Z0cnlLbThsVXB2RE1VRGxOcVdzdnhVClo2ay96QTBQRHFqTlJrZnZOQ1FN
RTV6WDdFQXY0KzRwUHozMTJpdmdxUk0KLS0tIDFUQ2Z1a3J0azRGbEJuWlVXUEQv
OTBuTWgvQWd4Mk5ycjhhM3U4Rkxnb00Ku8magoehW+QD8NS0f6bS1blFUoFRZhNc
704vrRVSUeweOcumjDSr4aep4KjJWRHUBgbIv2NX5O3ArLIkWTuyTg==
-----END AGE ENCRYPTED FILE-----
- recipient: age186qkn94ck9lz0nmx57m37jwgwws5pgcs40q8d8uaetytz4gp6p9qlftp5x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlL2wrN1hvMmU2eWNFeVdD
cXVGdVR5eHR2SDc2cGE3bThDSzBaTnk0R0RNCkFTQ2RSVTNpSnNRRUh6LzBCWFZ0
S2hGbDlqbWYwV0JiSTdlRVFiZmxkQ2cKLS0tIEIzRmlsWksveVAyaU9kWmMvNitR
WkVVTGUxWGVrL0ZKQ2RXbE5wK0w0eGsKHz2PcPvOsygtbMZkapmbBUKoJUYGUwWq
1RbhZGFi2bzqKWGJl08cTXaEvZ25i3aFt88doZAw1B1WiNI3XpYBaA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1d4mqql020mpne9r3vtt4l9ywfzfq7zpa3mad33syxln2kldkjsxqgju90f - recipient: age1d4mqql020mpne9r3vtt4l9ywfzfq7zpa3mad33syxln2kldkjsxqgju90f
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMMzFGQ3pzbTNoR25pOTRx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAza1o1K0QwVzM1OXZjT1N0
QUk3TzgzeUhCNzg2ODg2SENZbkJpTDREK2dzCnZQdkxMQ1RhaFdCZDlZellYd25K TFRHbUNIZTRiaUEzcHNMSmNramprMmdpckJnCklZck14Qis5TXJSTTkyem9FR2JZ
RTBCNDJWUFoyZTJ3dWtqYlJFSU5uc0UKLS0tIENKYmlKUjB2ZjFmZzZpQ3V4dDQ0 VUd1azZQM0REd3lmSGlTZ3YyTXR0R2sKLS0tIHVTSlBIc05aOWtDeVFrV1FDNXBT
eklFdUdEOWlnWndpai94QnFUU1F3NmMKVOQtq31dODV1rK7hZMfw295OkQeXq81u OGlGTzRHWSs5OUJZb0V5VTIzNGc4UjAKFOfZX4UrbtzXGKYJ8c0TgDY+kvY1pRWH
VBQVVcYaup6IynBuQYE9eNL5euMwsV/pCv9N+PC3J6WdhdK336ZCDQ== ETslhYtbtnaqI1a4rdRv+sKFbuEOV38sJZ6NuKR0Lfqw1GohWyA1vQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-08T15:01:54Z" lastmodified: "2024-06-08T15:01:54Z"
mac: ENC[AES256_GCM,data:euc66CxC9LHiJYKiMaEWunIZCHd2ZGl1YcFIJWmv2/x1pMRSnQ85yCL5Fpu8crjaayDYGJJVmMBVeU8trmaoqzYE1pWtUSIQo2QligJ1k8T5erdakSwv6keHrxczS1gEkS1Ygl6xieZUY5mcwY1Wyz7ZMeAeiIpIaraSf8Uydu8=,iv:OMGVEmOHnJbFzVpfCtvt3jrw6vP5dCib/HfcKpbSZ7k=,tag:wTtzNCE6BB3S7x2wWNYq1A==,type:str] mac: ENC[AES256_GCM,data:euc66CxC9LHiJYKiMaEWunIZCHd2ZGl1YcFIJWmv2/x1pMRSnQ85yCL5Fpu8crjaayDYGJJVmMBVeU8trmaoqzYE1pWtUSIQo2QligJ1k8T5erdakSwv6keHrxczS1gEkS1Ygl6xieZUY5mcwY1Wyz7ZMeAeiIpIaraSf8Uydu8=,iv:OMGVEmOHnJbFzVpfCtvt3jrw6vP5dCib/HfcKpbSZ7k=,tag:wTtzNCE6BB3S7x2wWNYq1A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1