
20 Commits

Author SHA1 Message Date
9f2f82a214
fix dns mapping on vps 2025-02-12 22:07:19 +03:00
693f34eadc
fix network setting on vps 2025-02-12 22:07:19 +03:00
17c7753e37
disable wireguard on vps 2025-02-12 22:07:19 +03:00
cda6112353
add foliate, disable some packages 2025-02-12 22:07:19 +03:00
fbb7636bff
use nixpkgs aavmf 2025-02-12 22:07:18 +03:00
91e32fc2ae
always use latest version of osu-lazer 2025-02-12 22:07:18 +03:00
4b07379f8d
add dbeaver 2025-02-12 22:07:18 +03:00
efffbb907b
enable waydroid on enabled profile 2025-02-12 22:07:18 +03:00
cf10f84160
add gamescope session 2025-02-12 22:07:18 +03:00
ef0fb60dc5
use xanmod kernel on laptop 2025-02-12 22:07:18 +03:00
c3d89a6151
remove umu-launcher 2025-02-12 22:07:18 +03:00
bdd3b64cf9
fix maa build 2025-02-12 22:07:17 +03:00
fe00a6128e
fix tablet in hyprland 2025-02-12 22:07:17 +03:00
49a343406f
upgrade system 2025-02-12 22:07:17 +03:00
b124ad0122
enable experimental hdr protocol 2025-02-12 22:07:17 +03:00
618a062105
add tablet config 2025-02-12 22:07:17 +03:00
05ff9a376b
add second monitor to workstation 2025-02-12 22:07:17 +03:00
55bb74d440
enable sunshine 2025-02-12 22:07:17 +03:00
7422e7a335
remove old patches 2025-02-12 22:07:16 +03:00
14a0a355ed
remove old vm and fix new 2025-02-12 22:07:16 +03:00
33 changed files with 542 additions and 1402 deletions

493
flake.lock generated

@ -8,11 +8,11 @@
]
},
"locked": {
"lastModified": 1734540176,
"narHash": "sha256-msxbnOw/nh8GJ87YtBEDT1jhVldOBtxHRF2KgvYPeDA=",
"lastModified": 1736877444,
"narHash": "sha256-K25atZ9alRsGb6TW+rRcpJTbtP5tnb3qusd762B2qWw=",
"owner": "ezKEa",
"repo": "aagl-gtk-on-nix",
"rev": "00df3ad02364a6fb8f1105dc72ae770b748c62eb",
"rev": "a1f0ce3bfbe9f0cc81e8b7def5e652a021e95c98",
"type": "github"
},
"original": {
@ -41,11 +41,11 @@
]
},
"locked": {
"lastModified": 1734400729,
"narHash": "sha256-Bf+oya0BuleVXYGIWsb0eWnrK6s0aiesOsI7Mpj1pMU=",
"lastModified": 1738456976,
"narHash": "sha256-cufyHbOMnSt9V4w4OVSzNcpJ+8DwzRZRJaca2Q89KVI=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "a132fa41be7ebe797ad758e84d9df068151a723b",
"rev": "257b2050790ab3b1eb389e0f8bdc400eb9510139",
"type": "github"
},
"original": {
@ -61,11 +61,11 @@
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1734172243,
"narHash": "sha256-WswQgnuAUZoOq8w2Ku+/XLPRx79+3houzK5pUxCba1k=",
"lastModified": 1738238125,
"narHash": "sha256-zBtIvbR0Iqt6j7cTH2Q8Zm0a6IqXrwYv385hMUClGVQ=",
"owner": "AtaraxiaSjel",
"repo": "nur",
"rev": "1933cfa07342df15b0a081fed69f6adc0724a1c7",
"rev": "f22ed3758ec797f2c08108e66ca5982a37489959",
"type": "github"
},
"original": {
@ -84,11 +84,11 @@
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1731270564,
"narHash": "sha256-6KMC/NH/VWP5Eb+hA56hz0urel3jP6Y6cF2PX6xaTkk=",
"lastModified": 1738524606,
"narHash": "sha256-hPYEJ4juK3ph7kbjbvv7PlU1D9pAkkhl+pwx8fZY53U=",
"owner": "zhaofengli",
"repo": "attic",
"rev": "47752427561f1c34debb16728a210d378f0ece36",
"rev": "ff8a897d1f4408ebbf4d45fa9049c06b3e1e3f4e",
"type": "github"
},
"original": {
@ -225,12 +225,15 @@
}
},
"catppuccin": {
"inputs": {
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1734671418,
"narHash": "sha256-K2Su5hM1nEIgKJ55TB5W+UfN9zBHUxC0SjWAtjXLEnI=",
"lastModified": 1737579274,
"narHash": "sha256-8kBIYfn8TI9jbffhDNS12SdbQHb9ITXflwcgIJBeGqw=",
"owner": "catppuccin",
"repo": "nix",
"rev": "6239449c96569547af621899f44a5ea333cb2576",
"rev": "06f0ea19334bcc8112e6d671fd53e61f9e3ad63a",
"type": "github"
},
"original": {
@ -241,7 +244,7 @@
},
"catppuccin-vsc": {
"inputs": {
"nixpkgs": "nixpkgs_7"
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1733066065,
@ -259,17 +262,18 @@
},
"chaotic": {
"inputs": {
"fenix": "fenix",
"flake-schemas": "flake-schemas",
"home-manager": "home-manager",
"jovian": "jovian",
"nixpkgs": "nixpkgs_8"
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1734631939,
"narHash": "sha256-ZrvI+3uXL6Y9v1+xyNVPpMav0SYPi2ZwcmkaTyarN0E=",
"lastModified": 1738552004,
"narHash": "sha256-eYE+8F0ZrSIYvlVkgTjTBlnM1COqUdSs4GKyWnel6I4=",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "5694778dcfd69cc5dab9bd83c9eeb147ed3537e4",
"rev": "894d1db77131a4a449d1993c7ba314ee15dd4e36",
"type": "github"
},
"original": {
@ -303,7 +307,7 @@
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat_5",
"nixpkgs": "nixpkgs_9",
"nixpkgs": "nixpkgs_10",
"utils": "utils"
},
"locked": {
@ -423,11 +427,11 @@
]
},
"locked": {
"lastModified": 1734701201,
"narHash": "sha256-hk0roBX10j/hospoWIJIJj3i2skd7Oml6yKQBx7mTFk=",
"lastModified": 1738148035,
"narHash": "sha256-KYOATYEwaKysL3HdHdS5kbQMXvzS4iPJzJrML+3TKAo=",
"owner": "nix-community",
"repo": "disko",
"rev": "2ee76c861af3b895b3b104bae04777b61397485b",
"rev": "18d0a984cc2bc82cf61df19523a34ad463aa7f54",
"type": "github"
},
"original": {
@ -436,6 +440,28 @@
"type": "github"
}
},
"fenix": {
"inputs": {
"nixpkgs": [
"chaotic",
"nixpkgs"
],
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1738477724,
"narHash": "sha256-S1x0F7q9cJ6EEmZsakse2Ps6Adi7NadxRtGiuWUlwT0=",
"owner": "nix-community",
"repo": "fenix",
"rev": "1936bb37b1d8597273e3611873dc09dd61b09818",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "fenix",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
@ -455,11 +481,11 @@
"flake-compat_10": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
@ -662,11 +688,11 @@
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"lastModified": 1738453229,
"narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
"type": "github"
},
"original": {
@ -704,11 +730,11 @@
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"lastModified": 1736143030,
"narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
"type": "github"
},
"original": {
@ -950,11 +976,11 @@
]
},
"locked": {
"lastModified": 1734622158,
"narHash": "sha256-h/fdzqlCqSa2ZCIqtDc9kshCJm6kQIoKuO0MSSmAX4A=",
"lastModified": 1738448366,
"narHash": "sha256-4ATtQqBlgsGqkHTemta0ydY6f7JBRXz4Hf574NHQpkg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "832920a60833533eaabcc93ab729801bf586fa0c",
"rev": "18fa9f323d8adbb0b7b8b98a8488db308210ed93",
"type": "github"
},
"original": {
@ -970,11 +996,11 @@
]
},
"locked": {
"lastModified": 1734622215,
"narHash": "sha256-OOfI0XhSJGHblfdNDhfnn8QnZxng63rWk9eeJ2tCbiI=",
"lastModified": 1738610386,
"narHash": "sha256-yb6a5efA1e8xze1vcdN2HBxqYr340EsxFMrDUHL3WZM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "1395379a7a36e40f2a76e7b9936cc52950baa1be",
"rev": "066ba0c5cfddbc9e0dddaec73b1561ad38aa8abe",
"type": "github"
},
"original": {
@ -999,11 +1025,11 @@
]
},
"locked": {
"lastModified": 1734364709,
"narHash": "sha256-+2bZJL2u5hva7rSp65OfKJBK+k03T6GB/NCvpoS1OOo=",
"lastModified": 1738178255,
"narHash": "sha256-+D6Nu2ewXbMTFzx/Q4jDOo+LAOUPr0cxQJg5k33daIE=",
"owner": "hyprwm",
"repo": "hyprcursor",
"rev": "f388aacd22be4a6e4d634fbaf6f75eb0713d239a",
"rev": "dcadd3398abe146d60c67e0d9ee6e27b301cae82",
"type": "github"
},
"original": {
@ -1028,11 +1054,11 @@
]
},
"locked": {
"lastModified": 1733684019,
"narHash": "sha256-2kYREgmSmbLsmDpLEq96hxVAU3qz8aCvVhF65yCFZHY=",
"lastModified": 1738437059,
"narHash": "sha256-J+8ecqaP3zD9GHeN8Y4hUapoELSoggp0IZI8laTFt/0=",
"owner": "hyprwm",
"repo": "hyprgraphics",
"rev": "fb2c0268645a77403af3b8a4ce8fa7ba5917f15d",
"rev": "5ac80e3686a4dfa55d2bd15c81a266b89594a295",
"type": "github"
},
"original": {
@ -1051,27 +1077,23 @@
"hyprlang": "hyprlang",
"hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs": "nixpkgs_11",
"pre-commit-hooks": "pre-commit-hooks_3",
"systems": "systems_3",
"xdph": "xdph"
},
"locked": {
"lastModified": 1734639812,
"narHash": "sha256-OxrpnYxFcnh7m6oUeD1zJnqTizTBTsPYz6PjiU1/wuk=",
"ref": "refs/heads/main",
"rev": "71dc9f6128b8d2e382b2a574d2d5f15e2d907f3a",
"revCount": 5573,
"submodules": true,
"type": "git",
"url": "https://github.com/hyprwm/Hyprland"
"lastModified": 1738612394,
"narHash": "sha256-MDoY6eOZPxhHNsLUfeJ07YnUEPHLQdqEik3ql+ePjwI=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "70cfc7cc9c4ecadbb9dd9a75f096fc70177a8ca5",
"type": "github"
},
"original": {
"submodules": true,
"type": "git",
"url": "https://github.com/hyprwm/Hyprland"
"owner": "hyprwm",
"repo": "Hyprland",
"type": "github"
}
},
"hyprland-protocols": {
@ -1086,11 +1108,11 @@
]
},
"locked": {
"lastModified": 1728345020,
"narHash": "sha256-xGbkc7U/Roe0/Cv3iKlzijIaFBNguasI31ynL2IlEoM=",
"lastModified": 1738422629,
"narHash": "sha256-5v+bv75wJWvahyM2xcMTSNNxmV8a7hb01Eey5zYnBJw=",
"owner": "hyprwm",
"repo": "hyprland-protocols",
"rev": "a7c183800e74f337753de186522b9017a07a8cee",
"rev": "755aef8dab49d0fc4663c715fa4ad221b2aedaed",
"type": "github"
},
"original": {
@ -1099,10 +1121,49 @@
"type": "github"
}
},
"hyprland-qt-support": {
"inputs": {
"hyprlang": [
"hyprland",
"hyprland-qtutils",
"hyprlang"
],
"nixpkgs": [
"hyprland",
"hyprland-qtutils",
"nixpkgs"
],
"systems": [
"hyprland",
"hyprland-qtutils",
"systems"
]
},
"locked": {
"lastModified": 1737634706,
"narHash": "sha256-nGCibkfsXz7ARx5R+SnisRtMq21IQIhazp6viBU8I/A=",
"owner": "hyprwm",
"repo": "hyprland-qt-support",
"rev": "8810df502cdee755993cb803eba7b23f189db795",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-qt-support",
"type": "github"
}
},
"hyprland-qtutils": {
"inputs": {
"hyprland-qt-support": "hyprland-qt-support",
"hyprlang": [
"hyprland",
"hyprlang"
],
"hyprutils": [
"hyprland",
"hyprland-qtutils",
"hyprlang",
"hyprutils"
],
"nixpkgs": [
@ -1115,11 +1176,11 @@
]
},
"locked": {
"lastModified": 1733940128,
"narHash": "sha256-hmfXWj2GA9cj1QUkPFYtAAeohhs615zL4E3APy3FnvQ=",
"lastModified": 1737981711,
"narHash": "sha256-lh6cL5D8nPplB3WovCQjLUZ7k7MViiBrMlpkfm4R7/c=",
"owner": "hyprwm",
"repo": "hyprland-qtutils",
"rev": "3833097e50473a152dd614d4b468886840b4ea78",
"rev": "96bf0677fa9cd13508294e3d4559dfbbc8beff73",
"type": "github"
},
"original": {
@ -1144,11 +1205,11 @@
]
},
"locked": {
"lastModified": 1734364628,
"narHash": "sha256-ii8fzJfI953n/EmIxVvq64ZAwhvwuuPHWfGd61/mJG8=",
"lastModified": 1737634606,
"narHash": "sha256-W7W87Cv6wqZ9PHegI6rH1+ve3zJPiyevMFf0/HwdbCQ=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "16e59c1eb13d9fb6de066f54e7555eb5e8a4aba5",
"rev": "f41271d35cc0f370d300413d756c2677f386af9d",
"type": "github"
},
"original": {
@ -1169,11 +1230,11 @@
]
},
"locked": {
"lastModified": 1734384247,
"narHash": "sha256-bl3YyJb2CgaeVKYq/l8j27vKdbkTpDNFDsnCl0dnNlY=",
"lastModified": 1737978343,
"narHash": "sha256-TfFS0HCEJh63Kahrkp1h9hVDMdLU8a37Zz+IFucxyfA=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "e6cf45cd1845368702e03b8912f4cc44ebba3322",
"rev": "6a8bc9d2a4451df12f5179dc0b1d2d46518a90ab",
"type": "github"
},
"original": {
@ -1194,11 +1255,11 @@
]
},
"locked": {
"lastModified": 1734384417,
"narHash": "sha256-noYeXcNQ15g1/gIJIYT2zdO66wzY5Z06PYz6BfKUZA8=",
"lastModified": 1735493474,
"narHash": "sha256-fktzv4NaqKm94VAkAoVqO/nqQlw+X0/tJJNAeCSfzK4=",
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"rev": "90e87f7fcfcce4862826d60332cbc5e2f87e1f88",
"rev": "de913476b59ee88685fdc018e77b8f6637a2ae0b",
"type": "github"
},
"original": {
@ -1209,11 +1270,11 @@
},
"impermanence": {
"locked": {
"lastModified": 1734200366,
"narHash": "sha256-0NursoP4BUdnc+wy+Mq3icHkXu/RgP1Sjo0MJxV2+Dw=",
"lastModified": 1737831083,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "c6323585fa0035d780e3d8906eb1b24b65d19a48",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"type": "github"
},
"original": {
@ -1231,11 +1292,11 @@
]
},
"locked": {
"lastModified": 1734591594,
"narHash": "sha256-7Q4hXE+b9A4DebZ5Q+q3WStuMiWR5bMW0ltpzbY/zMQ=",
"lastModified": 1738478597,
"narHash": "sha256-it7lc+HRSQiLV+3CcA+c6fkr2355HyT2GGUowHdfa/E=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "ce2abe494524cdb389a5d31c11c41834d4362ac5",
"rev": "77fb0818cb42ca0db98839d47bbc6a317c286282",
"type": "github"
},
"original": {
@ -1332,7 +1393,7 @@
"flake-compat": "flake-compat_7",
"flake-utils": "flake-utils_5",
"nix": "nix_4",
"nixpkgs": "nixpkgs_11"
"nixpkgs": "nixpkgs_13"
},
"locked": {
"lastModified": 1669478601,
@ -1388,11 +1449,11 @@
]
},
"locked": {
"lastModified": 1734239219,
"narHash": "sha256-iKY/OGNANXpd9hXBGfx8vObpHW4IcOH0MrerLCCc7hA=",
"lastModified": 1736952083,
"narHash": "sha256-zLhLqxc2JKvUtr0mSRRvOeKXN5dl5bn1e99z7EOp3bI=",
"owner": "thiagokokada",
"repo": "nix-alien",
"rev": "a266d0f74dd4a82ec6a72b02fbf3fbc5f7105f15",
"rev": "7e687663d2054fa1708284bd42731c6be62b1667",
"type": "github"
},
"original": {
@ -1404,15 +1465,15 @@
"nix-direnv": {
"inputs": {
"flake-parts": "flake-parts_5",
"nixpkgs": "nixpkgs_12",
"nixpkgs": "nixpkgs_14",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1732689932,
"narHash": "sha256-dnB8nu6ozuflg7f887Udoujx284QI6FMCSuCYIiTCYQ=",
"lastModified": 1737108329,
"narHash": "sha256-ExqalgsgqaJhtX7VyjVPgASI2sFIcZ679/FDbMT6AYc=",
"owner": "nix-community",
"repo": "nix-direnv",
"rev": "0357fa09ff68323c472fc0362ddc141a6aa6c3b5",
"rev": "38883833413a601fb64f51cd33e4fa0ffbc33320",
"type": "github"
},
"original": {
@ -1430,11 +1491,11 @@
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1734716067,
"narHash": "sha256-BCpd50t/3JU4ydiNfJxH3LzQDzyGbBI0CKWaeplnkVg=",
"lastModified": 1736592044,
"narHash": "sha256-HkaJeIFgxncLm8MC1BaWRTkge9b1/+mjPcbzXTRshoM=",
"owner": "Mic92",
"repo": "nix-fast-build",
"rev": "ed736c65a8cb58a85369f6ee1c3f4403aa904fcc",
"rev": "906af17fcd50c84615a4660d9c08cf89c01cef7d",
"type": "github"
},
"original": {
@ -1460,11 +1521,11 @@
},
"nix-filter_2": {
"locked": {
"lastModified": 1730207686,
"narHash": "sha256-SCHiL+1f7q9TAnxpasriP6fMarWE5H43t25F5/9e28I=",
"lastModified": 1731533336,
"narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=",
"owner": "numtide",
"repo": "nix-filter",
"rev": "776e68c1d014c3adde193a18db9d738458cd2ba4",
"rev": "f7653272fd234696ae94229839a99b73c9ab7de0",
"type": "github"
},
"original": {
@ -1552,11 +1613,11 @@
]
},
"locked": {
"lastModified": 1734234111,
"narHash": "sha256-icEMqBt4HtGH52PU5FHidgBrNJvOfXH6VQKNtnD1aw8=",
"lastModified": 1736652904,
"narHash": "sha256-8uolHABgroXqzs03QdulHp8H9e5kWQZnnhcda1MKbBM=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "311d6cf3ad3f56cb051ffab1f480b2909b3f754d",
"rev": "271e5bd7c57e1f001693799518b10a02d1123b12",
"type": "github"
},
"original": {
@ -1574,11 +1635,11 @@
]
},
"locked": {
"lastModified": 1734659394,
"narHash": "sha256-rI7fcI4+J+iAiCvQ0J3hECJJGD9cAVTAFRTj1xrX6Qo=",
"lastModified": 1738547248,
"narHash": "sha256-ALPkA9L4G0j7piorEyeQ7zf6fW4vii4ULxRZBXmeKYM=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "1792f1bbfccbd5ebcb745250e4fc57067c6dfd9c",
"rev": "bfacd5e2786caf61da0ad956728559dd6c1e8037",
"type": "github"
},
"original": {
@ -1652,7 +1713,7 @@
"nix_4": {
"inputs": {
"lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs_10",
"nixpkgs": "nixpkgs_12",
"nixpkgs-regression": "nixpkgs-regression_4"
},
"locked": {
@ -1671,11 +1732,11 @@
},
"nixlib": {
"locked": {
"lastModified": 1734224914,
"narHash": "sha256-hKWALzQ/RxxXdKWsLKXULru6XTag9Cc5exgVyS4a/AE=",
"lastModified": 1736643958,
"narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "538697b664a64fade8ce628d01f35d1f1fd82d77",
"rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
"type": "github"
},
"original": {
@ -1692,11 +1753,11 @@
]
},
"locked": {
"lastModified": 1734570415,
"narHash": "sha256-kcsDNcEr4hYuDc8l+ox41FvEPpmQTV3/3hgdx3tuxHw=",
"lastModified": 1737057290,
"narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "b8f266f26bb757e7aec18adeee6919db6666c4f6",
"rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453",
"type": "github"
},
"original": {
@ -1751,23 +1812,23 @@
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1733096140,
"narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=",
"lastModified": 1738452942,
"narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
"url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
"url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
}
},
"nixpkgs-master": {
"locked": {
"lastModified": 1734718783,
"narHash": "sha256-q8XueLYZkunMIWcDuyRouEw082Q8S6QeVXYzop4k9m0=",
"lastModified": 1738616884,
"narHash": "sha256-6oeyCodT5uP0u/YdKOpzx/sVDyYHXjJ5DzgU6jIE0C8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "de0a5d8fe7319752a089d71ca22c83b5ec83b351",
"rev": "68392b6bc4c42a2ee585e36b9ed26fd16400bb9f",
"type": "github"
},
"original": {
@ -1875,27 +1936,11 @@
},
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_4": {
"locked": {
"lastModified": 1734600368,
"narHash": "sha256-nbG9TijTMcfr+au7ZVbKpAhMJzzE2nQBYmRvSdXUD8g=",
"lastModified": 1738435198,
"narHash": "sha256-5+Hmo4nbqw8FrW85FlNm4IIrRnZ7bn0cmXlScNsNRLo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b47fd6fa00c6afca88b8ee46cfdb00e104f50bca",
"rev": "f6687779bf4c396250831aa5a32cbfeb85bb07a3",
"type": "github"
},
"original": {
@ -1906,6 +1951,38 @@
}
},
"nixpkgs_10": {
"locked": {
"lastModified": 1702272962,
"narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_11": {
"locked": {
"lastModified": 1738410390,
"narHash": "sha256-xvTo0Aw0+veek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3a228057f5b619feb3186e986dbe76278d707b6e",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_12": {
"locked": {
"lastModified": 1657693803,
"narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=",
@ -1921,7 +1998,7 @@
"type": "github"
}
},
"nixpkgs_11": {
"nixpkgs_13": {
"locked": {
"lastModified": 1669378442,
"narHash": "sha256-nm+4PN0A4SnV0SzEchxrMyKPvI3Ld/aoom4PnHeHucs=",
@ -1937,7 +2014,7 @@
"type": "github"
}
},
"nixpkgs_12": {
"nixpkgs_14": {
"locked": {
"lastModified": 1725194671,
"narHash": "sha256-tLGCFEFTB5TaOKkpfw3iYT9dnk4awTP/q4w+ROpMfuw=",
@ -1953,13 +2030,13 @@
"type": "github"
}
},
"nixpkgs_13": {
"nixpkgs_15": {
"locked": {
"lastModified": 1734424634,
"narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=",
"lastModified": 1738546358,
"narHash": "sha256-nLivjIygCiqLp5QcL7l56Tca/elVqM9FG1hGd9ZSsrg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33",
"rev": "c6e957d81b96751a3d5967a0fd73694f303cc914",
"type": "github"
},
"original": {
@ -1969,13 +2046,13 @@
"type": "github"
}
},
"nixpkgs_14": {
"nixpkgs_16": {
"locked": {
"lastModified": 1730785428,
"narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=",
"lastModified": 1735834308,
"narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7",
"rev": "6df24922a1400241dae323af55f30e4318a6ca65",
"type": "github"
},
"original": {
@ -1985,6 +2062,22 @@
"type": "github"
}
},
"nixpkgs_17": {
"locked": {
"lastModified": 1738136902,
"narHash": "sha256-pUvLijVGARw4u793APze3j6mU1Zwdtz7hGkGGkD87qw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9a5db3142ce450045840cc8d832b13b8a2018e0c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1717432640,
@ -2066,6 +2159,22 @@
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1736012469,
"narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1732837521,
"narHash": "sha256-jNRNr49UiuIwaarqijgdTR2qLPifxsVhlJrKzQ8XUIE=",
@ -2081,13 +2190,13 @@
"type": "github"
}
},
"nixpkgs_8": {
"nixpkgs_9": {
"locked": {
"lastModified": 1734424634,
"narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=",
"lastModified": 1738410390,
"narHash": "sha256-xvTo0Aw0+veek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33",
"rev": "3a228057f5b619feb3186e986dbe76278d707b6e",
"type": "github"
},
"original": {
@ -2097,22 +2206,6 @@
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1702272962,
"narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"poetry2nix": {
"inputs": {
"flake-utils": "flake-utils",
@ -2217,15 +2310,14 @@
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_3"
]
},
"locked": {
"lastModified": 1734379367,
"narHash": "sha256-Keu8z5VgT5gnCF4pmB+g7XZFftHpfl4qOn7nqBcywdE=",
"lastModified": 1737465171,
"narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "0bb4be58f21ff38fc3cdbd6c778eb67db97f0b99",
"rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17",
"type": "github"
},
"original": {
@ -2239,14 +2331,14 @@
"flake-compat": "flake-compat_10",
"libnbtplusplus": "libnbtplusplus",
"nix-filter": "nix-filter_2",
"nixpkgs": "nixpkgs_14"
"nixpkgs": "nixpkgs_16"
},
"locked": {
"lastModified": 1731890783,
"narHash": "sha256-U1qktPwss7ZlDMtRgbYBgLu2akFwSi5xhYOiCl3t/dg=",
"lastModified": 1736610087,
"narHash": "sha256-ceYrz2mBJuf7pnUWbIvZBhh6SFiDLk6GWRdamGTUNY4=",
"owner": "AtaraxiaSjel",
"repo": "PrismLauncher",
"rev": "c392334ef50a51be75c2871c095af249a67ed536",
"rev": "79a719295fe04e553be858f5320219be86444177",
"type": "github"
},
"original": {
@ -2281,15 +2373,32 @@
"nix-fast-build": "nix-fast-build",
"nix-vscode-marketplace": "nix-vscode-marketplace",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_13",
"nixpkgs": "nixpkgs_15",
"nixpkgs-master": "nixpkgs-master",
"nixpkgs-stable": "nixpkgs-stable_4",
"nixpkgs-stable": "nixpkgs-stable_3",
"prismlauncher": "prismlauncher",
"sops-nix": "sops-nix",
"srvos": "srvos",
"umu": "umu"
}
},
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1738433753,
"narHash": "sha256-lyhEsEf5FQzV+KHVkfxIApMOFWHqyls5+llcQ/uhV6Y=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "88b901878e684e4f68f104fdbc48749f41bcccd3",
"type": "github"
},
"original": {
"owner": "rust-lang",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
@ -2297,11 +2406,11 @@
]
},
"locked": {
"lastModified": 1734546875,
"narHash": "sha256-6OvJbqQ6qPpNw3CA+W8Myo5aaLhIJY/nNFDk3zMXLfM=",
"lastModified": 1738291974,
"narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "ed091321f4dd88afc28b5b4456e0a15bd8374b4d",
"rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7",
"type": "github"
},
"original": {
@ -2317,11 +2426,11 @@
]
},
"locked": {
"lastModified": 1734587909,
"narHash": "sha256-8JzxqQEYm3wKoA1TmCfnfN1uZD/YNn9OZL8xI/OSbes=",
"lastModified": 1738198321,
"narHash": "sha256-lhnHBXO9Y8xEn92JqxjancdL8Gh16ONuxZp60iZfmX4=",
"owner": "nix-community",
"repo": "srvos",
"rev": "758e36d85d0dd2fbb01550554e7de68514558a0b",
"rev": "7d5a4aaadac9ff63f9ed4347df95175aceee5079",
"type": "github"
},
"original": {
@ -2449,11 +2558,11 @@
]
},
"locked": {
"lastModified": 1734543842,
"narHash": "sha256-/QceWozrNg915Db9x/Ie5k67n9wKgGdTFng+Z1Qw0kE=",
"lastModified": 1736154270,
"narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "76159fc74eeac0599c3618e3601ac2b980a29263",
"rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b",
"type": "github"
},
"original": {
@ -2464,17 +2573,15 @@
},
"umu": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
"nixpkgs": "nixpkgs_17"
},
"locked": {
"dir": "packaging/nix",
"lastModified": 1734207213,
"narHash": "sha256-5CZPAeKm24Y1BKnN8Md3HUViCMCs7AVghRC+05Bdlkk=",
"lastModified": 1738306689,
"narHash": "sha256-DE1+O2XSuqkTLihIhk7geI2M6tjcsrFztLiSfcDpo0A=",
"ref": "refs/heads/main",
"rev": "6189d0d9fd062e89a375db20aeae1d1c009e9833",
"revCount": 869,
"rev": "7a71163b79e56222fe3f3097d1e71208a91a1a3b",
"revCount": 917,
"submodules": true,
"type": "git",
"url": "https://github.com/Open-Wine-Components/umu-launcher/"
@ -2532,11 +2639,11 @@
]
},
"locked": {
"lastModified": 1734422917,
"narHash": "sha256-0y7DRaXslhfqVKV8a/talYTYAe2NHOQhMZG7KMNRCtc=",
"lastModified": 1737634991,
"narHash": "sha256-dBAnb7Kbnier30cA7AgxVSxxARmxKZ1vHZT33THSIr8=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "3e884d941ca819c1f2e50df8bdae0debded1ed87",
"rev": "e09dfe2726c8008f983e45a0aa1a3b7416aaeb8a",
"type": "github"
},
"original": {


@ -43,8 +43,9 @@
inputs.nixpkgs.follows = "nixpkgs";
};
hyprland = {
url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
inputs.nixpkgs.follows ="nixpkgs";
url = "github:hyprwm/Hyprland";
# url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
# inputs.nixpkgs.follows ="nixpkgs";
};
mms.url = "github:mkaito/nixos-modded-minecraft-servers";
nix-alien = {
@ -75,7 +76,7 @@
};
umu = {
url = "git+https://github.com/Open-Wine-Components/umu-launcher/?dir=packaging\/nix&submodules=1";
inputs.nixpkgs.follows = "nixpkgs";
# inputs.nixpkgs.follows = "nixpkgs";
};
chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
@ -175,14 +176,11 @@
shared-patches = patchesPath [ ];
unstable-patches = shared-patches ++ patchesPath [
"366250.patch"
# "netbird-24.11.patch"
"onlyoffice.patch"
# "zen-kernels.patch"
];
stable-patches = shared-patches ++ patchesPath [
# "netbird-24.05.patch"
];
stable-patches = shared-patches ++ patchesPath [];
in {
customModules = builtins.listToAttrs (findModules ./modules);
customProfiles = builtins.listToAttrs (findModules ./profiles);
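Review bot: The `follows` lines for `hyprland` and `umu` are left behind as commented-out code with no reason given, and both inputs now carry their own nixpkgs pin (the lock file in this compare gains `nixpkgs_11` for hyprland and `nixpkgs_17` for umu). Their dependencies are then built from whatever nixpkgs revision those inputs resolve to rather than the one the rest of the system uses, so nixpkgs security fixes reach them on a separate schedule and the lock has more revisions to audit. If this is deliberate, replace the dead lines with a one-line reason, e.g. `# not following nixpkgs on purpose: <reason>`; otherwise restore `inputs.nixpkgs.follows = "nixpkgs";`. The move from `git+https://…?submodules=1` to `github:hyprwm/Hyprland` also drops `"submodules": true` from the lock entry, so it is worth confirming the build no longer needs submodules.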


@ -16,7 +16,7 @@
customProfiles.hoyo
customProfiles.minecraft
customProfiles.nicotine
# customProfiles.sunshine
customProfiles.sunshine
customProfiles.wine-games
customProfiles.ollama
@ -32,14 +32,8 @@
security.pki.certificateFiles = [ ../../misc/mitmproxy-ca-cert.pem ];
virtualisation.libvirt.guests = {
win10 = {
autoStart = false;
user = config.mainuser;
group = "libvirtd";
xmlFile = ./vm/win10.xml;
};
win10code = {
autoStart = true;
autoStart = false;
user = config.mainuser;
group = "libvirtd";
xmlFile = ./vm/win10code.xml;
@ -142,6 +136,7 @@
pkgs.anydesk
pkgs.arduino-ide
pkgs.dbeaver-bin
pkgs.dig.dnsutils
pkgs.distrobox
pkgs.exercism
@ -195,6 +190,7 @@
".config/modprobed-db"
".config/sops/age"
".config/streamrip"
".local/share/DBeaverData"
".local/share/distrobox"
".local/share/maa"
".local/share/PrismLauncher"
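Review bot: The new persistence entry `".local/share/DBeaverData"` keeps DBeaver's workspace across reboots, and that workspace is where DBeaver stores saved connection credentials, by default protected only by a built-in key rather than a user secret. A comment on that line such as `# contains saved DB connection credentials; exclude from backups/sync or set a DBeaver master password` would record that it needs the same care as `".config/sops/age"` a few lines above. Separately, un-commenting `customProfiles.sunshine` turns on a remote-streaming host; the profile itself is not visible in this section, so confirm that it opens its ports only toward trusted networks. Both lists begin and end outside the hunks shown.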


@ -1,227 +0,0 @@
<domain type="kvm">
<name>win10</name>
<uuid>1a5ec2e0-bf62-480a-8ebd-f17f66c7c4bf</uuid>
<metadata>
<libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
<libosinfo:os id="http://microsoft.com/win/10"/>
</libosinfo:libosinfo>
</metadata>
<memory unit="KiB">8388608</memory>
<currentMemory unit="KiB">2097152</currentMemory>
<memoryBacking>
<source type="memfd"/>
<access mode="shared"/>
</memoryBacking>
<vcpu placement="static">8</vcpu>
<resource>
<partition>/machine</partition>
</resource>
<os>
<type arch="x86_64" machine="pc-q35-8.1">hvm</type>
<loader readonly="yes" type="pflash">/run/libvirt/nix-ovmf/OVMF_CODE.fd</loader>
<nvram template="/run/libvirt/nix-ovmf/OVMF_VARS.fd">/var/lib/libvirt/qemu/nvram/win10_VARS.fd</nvram>
<boot dev="hd"/>
</os>
<features>
<acpi/>
<apic/>
<hyperv mode="custom">
<relaxed state="on"/>
<vapic state="on"/>
<spinlocks state="on" retries="8191"/>
<vpindex state="on"/>
<synic state="on"/>
</hyperv>
<vmport state="off"/>
</features>
<cpu mode="host-passthrough" check="none" migratable="on">
<topology sockets="1" dies="1" cores="4" threads="2"/>
</cpu>
<clock offset="localtime">
<timer name="rtc" tickpolicy="catchup"/>
<timer name="pit" tickpolicy="delay"/>
<timer name="hpet" present="yes"/>
<timer name="hypervclock" present="yes"/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<pm>
<suspend-to-mem enabled="no"/>
<suspend-to-disk enabled="no"/>
</pm>
<devices>
<emulator>/run/libvirt/nix-emulators/qemu-system-x86_64</emulator>
<disk type="file" device="disk">
<driver name="qemu" type="qcow2" discard="unmap"/>
<source file="/media/libvirt/images/win10.qcow2"/>
<target dev="vda" bus="virtio"/>
<address type="pci" domain="0x0000" bus="0x02" slot="0x00" function="0x0"/>
</disk>
<disk type="file" device="disk">
<driver name="qemu" type="qcow2" discard="unmap"/>
<source file="/media/libvirt/images/win10-persist.qcow2"/>
<target dev="vdb" bus="virtio"/>
<address type="pci" domain="0x0000" bus="0x07" slot="0x00" function="0x0"/>
</disk>
<disk type="file" device="cdrom">
<driver name="qemu" type="raw"/>
<target dev="sda" bus="sata"/>
<readonly/>
<address type="drive" controller="0" bus="0" target="0" unit="0"/>
</disk>
<controller type="usb" index="0" model="qemu-xhci" ports="15">
<address type="pci" domain="0x0000" bus="0x03" slot="0x00" function="0x0"/>
</controller>
<controller type="pci" index="0" model="pcie-root"/>
<controller type="pci" index="1" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="1" port="0x10"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x0" multifunction="on"/>
</controller>
<controller type="pci" index="2" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="2" port="0x11"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x1"/>
</controller>
<controller type="pci" index="3" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="3" port="0x12"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x2"/>
</controller>
<controller type="pci" index="4" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="4" port="0x13"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x3"/>
</controller>
<controller type="pci" index="5" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="5" port="0x14"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x4"/>
</controller>
<controller type="pci" index="6" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="6" port="0x15"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x5"/>
</controller>
<controller type="pci" index="7" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="7" port="0x16"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x6"/>
</controller>
<controller type="pci" index="8" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="8" port="0x17"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x7"/>
</controller>
<controller type="pci" index="9" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="9" port="0x18"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0" multifunction="on"/>
</controller>
<controller type="pci" index="10" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="10" port="0x19"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x1"/>
</controller>
<controller type="pci" index="11" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="11" port="0x1a"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x2"/>
</controller>
<controller type="pci" index="12" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="12" port="0x1b"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x3"/>
</controller>
<controller type="pci" index="13" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="13" port="0x1c"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x4"/>
</controller>
<controller type="pci" index="14" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="14" port="0x1d"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x5"/>
</controller>
<controller type="pci" index="15" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="15" port="0x1e"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x6"/>
</controller>
<controller type="pci" index="16" model="pcie-to-pci-bridge">
<model name="pcie-pci-bridge"/>
<address type="pci" domain="0x0000" bus="0x08" slot="0x00" function="0x0"/>
</controller>
<controller type="sata" index="0">
<address type="pci" domain="0x0000" bus="0x00" slot="0x1f" function="0x2"/>
</controller>
<controller type="virtio-serial" index="0">
<address type="pci" domain="0x0000" bus="0x04" slot="0x00" function="0x0"/>
</controller>
<controller type="scsi" index="0" model="lsilogic">
<address type="pci" domain="0x0000" bus="0x10" slot="0x01" function="0x0"/>
</controller>
<filesystem type="mount" accessmode="passthrough">
<driver type="virtiofs" queue="1024"/>
<binary path="/run/current-system/sw/bin/virtiofsd" xattr="on">
<cache mode="always"/>
</binary>
<source dir="/media/libvirt/viofs"/>
<target dir="vfio-fs"/>
<address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
</filesystem>
<interface type="bridge">
<mac address="52:54:00:5c:b7:0b"/>
<source bridge="br0"/>
<model type="virtio"/>
<link state="up"/>
<address type="pci" domain="0x0000" bus="0x06" slot="0x00" function="0x0"/>
</interface>
<serial type="pty">
<target type="isa-serial" port="0">
<model name="isa-serial"/>
</target>
</serial>
<console type="pty">
<target type="serial" port="0"/>
</console>
<channel type="spicevmc">
<target type="virtio" name="com.redhat.spice.0"/>
<address type="virtio-serial" controller="0" bus="0" port="1"/>
</channel>
<input type="tablet" bus="usb">
<address type="usb" bus="0" port="1"/>
</input>
<input type="mouse" bus="ps2"/>
<input type="keyboard" bus="ps2"/>
<graphics type="spice" port="-1" autoport="no">
<listen type="address"/>
<image compression="off"/>
<gl enable="no"/>
</graphics>
<sound model="ich9">
<address type="pci" domain="0x0000" bus="0x00" slot="0x1b" function="0x0"/>
</sound>
<audio id="1" type="spice"/>
<video>
<model type="qxl" ram="65536" vram="65536" vgamem="16384" heads="1" primary="yes"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x0"/>
</video>
<redirdev bus="usb" type="spicevmc">
<address type="usb" bus="0" port="2"/>
</redirdev>
<redirdev bus="usb" type="spicevmc">
<address type="usb" bus="0" port="3"/>
</redirdev>
<watchdog model="itco" action="reset"/>
<memballoon model="virtio">
<address type="pci" domain="0x0000" bus="0x05" slot="0x00" function="0x0"/>
</memballoon>
<rng model="virtio">
<backend model="random">/dev/urandom</backend>
<address type="pci" domain="0x0000" bus="0x09" slot="0x00" function="0x0"/>
</rng>
</devices>
<seclabel type="dynamic" model="dac" relabel="yes"/>
</domain>


@ -17,9 +17,9 @@
<partition>/machine</partition>
</resource>
<os>
<type arch='x86_64' machine='pc-q35-9.1'>hvm</type>
<type arch='x86_64' machine='pc-q35-9.2'>hvm</type>
<loader readonly='yes' type='pflash'>/run/libvirt/nix-ovmf/OVMF_CODE.fd</loader>
<nvram template='/run/libvirt/nix-ovmf/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/win10code_VARS.fd</nvram>
<nvram template='/run/libvirt/nix-ovmf/OVMF_VARS.fd' templateFormat="raw" format="raw">/var/lib/libvirt/qemu/nvram/win10code_VARS.fd</nvram>
</os>
<features>
<acpi/>
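Review bot: The attributes added to `<nvram>` use double quotes (`templateFormat="raw" format="raw"`) while every other attribute in this file uses single quotes; writing them as `templateFormat='raw' format='raw'` keeps the domain XML uniform. The same applies to the identical change in the next file section (the one for `win10ed_VARS.fd`). The `pc-q35-9.2` machine type presumably needs a host QEMU of at least 9.2, so a one-line XML comment noting that coupling would help whoever next rolls the system back.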


@ -17,9 +17,9 @@
<partition>/machine</partition>
</resource>
<os>
<type arch='x86_64' machine='pc-q35-9.1'>hvm</type>
<type arch='x86_64' machine='pc-q35-9.2'>hvm</type>
<loader readonly='yes' type='pflash'>/run/libvirt/nix-ovmf/OVMF_CODE.fd</loader>
<nvram template='/run/libvirt/nix-ovmf/OVMF_VARS.fd'>/var/lib/libvirt/qemu/nvram/win10ed_VARS.fd</nvram>
<nvram template='/run/libvirt/nix-ovmf/OVMF_VARS.fd' templateFormat="raw" format="raw">/var/lib/libvirt/qemu/nvram/win10ed_VARS.fd</nvram>
</os>
<features>
<acpi/>


@ -1,11 +1,10 @@
{ inputs, config, pkgs, lib, ... }:
let
zfs_arc_max = toString (2 * 1024 * 1024 * 1024);
chaoticPkgs = inputs.chaotic.packages.${pkgs.hostPlatform.system};
in {
boot = {
kernelPackages = chaoticPkgs.linuxPackages_cachyos;
zfs.package = chaoticPkgs.zfs_cachyos;
kernelPackages = pkgs.linuxPackages_xanmod_latest;
zfs.package = pkgs.zfs_unstable;
initrd = {
supportedFilesystems = [ "zfs" ];
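Review bot: `pkgs.linuxPackages_xanmod_latest` follows the newest kernel series, while ZFS is an out-of-tree module that usually trails new kernel releases, and this host lists `zfs` in `boot.initrd.supportedFilesystems`. A nixpkgs bump that moves xanmod to a series `pkgs.zfs_unstable` does not yet support would fail the build, or leave an unbootable generation if the pool holds the root filesystem (not visible here). Consider `kernelPackages = pkgs.linuxPackages_xanmod;` for the LTS series, or add a comment that kernel and ZFS versions must be checked together on every update. The `boot` attribute set continues past the end of this hunk.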


@ -18,7 +18,7 @@
./services/dns.nix
./services/tailscale.nix
./services/tor-bridge.nix
./services/wireguard.nix
# ./services/wireguard.nix
./services/xtls.nix
customProfiles.authentik
@ -138,7 +138,6 @@
services.journald.extraConfig = "Compress=false";
nix.optimise.automatic = false;
nix.distributedBuilds = lib.mkForce false;
environment.noXlibs = lib.mkForce false;
fonts.enableDefaultPackages = lib.mkForce false;
security.polkit.enable = true;
# security.pam.enableSSHAgentAuth = true;


@ -1,104 +1,101 @@
{
headscale-list = [
{ name = "ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "api.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "api.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
# { name = "auth.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
{ name = "cache.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
# { name = "cal.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
{ name = "code.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "docs.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "element.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "file.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "home.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "jackett.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "jellyfin.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "joplin.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "kavita.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "ldap.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "lib.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "matrix.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "medusa.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "net.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "openbooks.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "pdf.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "qbit.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "radarr.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "restic.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "s3.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "sonarr.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "stats.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "tools.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "turn.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "vault.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
# { name = "vw.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
{ name = "wiki.ataraxiadev.com"; type = "A"; value = "100.64.0.2"; }
{ name = "cache.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "cal.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "code.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "docs.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "element.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "file.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "home.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "jackett.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "jellyfin.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "joplin.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "kavita.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "ldap.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "lib.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "matrix.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "medusa.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "net.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "openbooks.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "pdf.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "qbit.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "radarr.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "restic.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "s3.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "sonarr.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "stats.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "tools.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "turn.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "vault.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "vw.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "wiki.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "api.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "api.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
# { name = "auth.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
{ name = "cache.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
# { name = "cal.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
{ name = "code.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "docs.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "element.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "file.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "home.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "jackett.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "jellyfin.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "joplin.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "kavita.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "ldap.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "lib.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "matrix.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "medusa.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "net.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "openbooks.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "pdf.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "qbit.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "radarr.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "restic.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "s3.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "sonarr.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "stats.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "tools.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "turn.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "vault.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
# { name = "vw.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
{ name = "wiki.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::2"; }
{ name = "cache.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "cal.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "code.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "docs.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "element.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "file.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "home.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "jackett.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "jellyfin.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "joplin.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "kavita.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "ldap.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "lib.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "matrix.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "medusa.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "net.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "openbooks.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "pdf.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "qbit.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "radarr.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "restic.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "s3.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "sonarr.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "stats.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "tools.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "turn.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "vault.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "vw.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "wiki.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
];
dnsmasq-list = [
# TODO: Fix dns resolution in blocky for unmapped subdomains of ataraxiadev.com
"/element.ataraxiadev.com/10.10.10.100"
"/matrix.ataraxiadev.com/10.10.10.100"
"/turn.ataraxiadev.com/10.10.10.100"
"/api.ataraxiadev.com/10.10.10.100"
# "/auth.ataraxiadev.com/10.10.10.100"
"/cache.ataraxiadev.com/10.10.10.100"
# "/cal.ataraxiadev.com/10.10.10.100"
"/code.ataraxiadev.com/10.10.10.100"
"/docs.ataraxiadev.com/10.10.10.100"
"/file.ataraxiadev.com/10.10.10.100"
"/home.ataraxiadev.com/10.10.10.100"
"/jackett.ataraxiadev.com/10.10.10.100"
"/jellyfin.ataraxiadev.com/10.10.10.100"
"/joplin.ataraxiadev.com/10.10.10.100"
"/kavita.ataraxiadev.com/10.10.10.100"
"/ldap.ataraxiadev.com/10.10.10.100"
"/lib.ataraxiadev.com/10.10.10.100"
"/medusa.ataraxiadev.com/10.10.10.100"
"/net.ataraxiadev.com/10.10.10.100"
"/openbooks.ataraxiadev.com/10.10.10.100"
"/pdf.ataraxiadev.com/10.10.10.100"
"/qbit.ataraxiadev.com/10.10.10.100"
"/radarr.ataraxiadev.com/10.10.10.100"
"/restic.ataraxiadev.com/10.10.10.100"
"/s3.ataraxiadev.com/10.10.10.100"
"/stats.ataraxiadev.com/10.10.10.100"
"/sonarr.ataraxiadev.com/10.10.10.100"
"/tools.ataraxiadev.com/10.10.10.100"
"/vault.ataraxiadev.com/10.10.10.100"
# "/vw.ataraxiadev.com/10.10.10.100"
"/wiki.ataraxiadev.com/10.10.10.100"
"/api.ataraxiadev.com/10.10.10.10"
"/cache.ataraxiadev.com/10.10.10.10"
"/cal.ataraxiadev.com/10.10.10.10"
"/code.ataraxiadev.com/10.10.10.10"
"/docs.ataraxiadev.com/10.10.10.10"
"/element.ataraxiadev.com/10.10.10.10"
"/file.ataraxiadev.com/10.10.10.10"
"/home.ataraxiadev.com/10.10.10.10"
"/jackett.ataraxiadev.com/10.10.10.10"
"/jellyfin.ataraxiadev.com/10.10.10.10"
"/joplin.ataraxiadev.com/10.10.10.10"
"/kavita.ataraxiadev.com/10.10.10.10"
"/ldap.ataraxiadev.com/10.10.10.10"
"/lib.ataraxiadev.com/10.10.10.10"
"/matrix.ataraxiadev.com/10.10.10.10"
"/medusa.ataraxiadev.com/10.10.10.10"
"/net.ataraxiadev.com/10.10.10.10"
"/openbooks.ataraxiadev.com/10.10.10.10"
"/pdf.ataraxiadev.com/10.10.10.10"
"/qbit.ataraxiadev.com/10.10.10.10"
"/radarr.ataraxiadev.com/10.10.10.10"
"/restic.ataraxiadev.com/10.10.10.10"
"/s3.ataraxiadev.com/10.10.10.10"
"/sonarr.ataraxiadev.com/10.10.10.10"
"/stats.ataraxiadev.com/10.10.10.10"
"/tools.ataraxiadev.com/10.10.10.10"
"/turn.ataraxiadev.com/10.10.10.10"
"/vault.ataraxiadev.com/10.10.10.10"
"/vw.ataraxiadev.com/10.10.10.10"
"/wiki.ataraxiadev.com/10.10.10.10"
];
}
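Review bot: Both lists repeat one address per record, so moving the services to another host (which is all this change does) means editing roughly ninety lines. A single missed line leaves a name pointing at the old machine, and a name missing from the lists resolves through whatever upstream DNS answers rather than the tailnet or LAN address. `auth.ataraxiadev.com` is still commented out in both address families while `cal` and `vw` were re-enabled, so it is worth confirming that omission is intended. Generating the records from one list of labels and three address constants removes the drift; a sketch follows, with the label list abbreviated.

```nix
let
  tailnet4 = "100.64.0.3";
  tailnet6 = "fd7a:115c:a1e0::3";
  lan4 = "10.10.10.10";

  # Every service label is listed exactly once.
  subdomains = [ "api" "cache" "cal" /* … remaining labels through "wiki" … */ ];

  fqdn = label: "${label}.ataraxiadev.com";
  record = type: value: name: { inherit name type value; };
  # The apex is only mapped on the tailnet side, as in the current lists.
  names = [ "ataraxiadev.com" ] ++ map fqdn subdomains;
in {
  headscale-list =
    map (record "A" tailnet4) names
    ++ map (record "AAAA" tailnet6) names;

  # TODO kept from the original: blocky resolution for unmapped subdomains.
  dnsmasq-list = map (label: "/${fqdn label}/${lan4}") subdomains;
}
```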


@ -11,6 +11,7 @@ in {
nftables.enable = false; # incompatible with tailscale and docker
hostName = config.device;
domain = domain;
nameservers = with interfaces.main'; IPv4.dns ++ lib.optionals hasIPv6 IPv6.dns;
};
systemd.network = with interfaces.main'; {
@ -33,12 +34,6 @@ in {
"fc00::1/64"
];
linkConfig.RequiredForOnline = "routable";
networkConfig = {
DHCPServer = true;
IPForward = true;
# IPv6PrivacyExtensions = "kernel";
DNS = IPv4.dns ++ lib.optionals hasIPv6 IPv6.dns;
};
routes = [{
routeConfig.Gateway = IPv4.gateway;
routeConfig.GatewayOnLink = true;


@ -240,11 +240,11 @@ in {
toString (sockets * cores * threads)
}</vcpu>
<os>
<type arch="x86_64" machine="pc-q35-7.2">hvm</type>
<type arch="x86_64" machine="pc-q35-9.2">hvm</type>
${
lib.optionalString guest.uefi ''
<loader readonly="yes" type="pflash">/run/libvirt/nix-ovmf/OVMF_CODE.fd</loader>
<nvram template="/run/libvirt/nix-ovmf/OVMF_CODE.fd">/var/lib/libvirt/qemu/nvram/${name}_VARS.fd</nvram>
<loader readonly="yes" type="pflash" format="raw">/run/libvirt/nix-ovmf/OVMF_CODE.fd</loader>
<nvram template="/run/libvirt/nix-ovmf/OVMF_CODE.fd" templateFormat="raw" format="raw">/var/lib/libvirt/qemu/nvram/${name}_VARS.fd</nvram>
''
}
</os>
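Review bot: The `<nvram>` element still uses `template="/run/libvirt/nix-ovmf/OVMF_CODE.fd"`, the firmware code image, as the template for the per-guest variable store, whereas the hand-written domain files touched in this same commit use `OVMF_VARS.fd`. libvirt copies the template to `${name}_VARS.fd` when the guest first starts, so UEFI guests generated by this module would get a copy of the code image as their NVRAM; adding `templateFormat="raw"` does not change that. The line should read `<nvram template="/run/libvirt/nix-ovmf/OVMF_VARS.fd" templateFormat="raw" format="raw">/var/lib/libvirt/qemu/nvram/${name}_VARS.fd</nvram>`. The surrounding XML string starts and ends outside this hunk.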


@ -1,61 +0,0 @@
From bdfa0f011297b749d18954e76c8eb36309e3808d Mon Sep 17 00:00:00 2001
From: benaryorg <binary@benary.org>
Date: Tue, 5 Nov 2024 13:22:10 +0000
Subject: [PATCH] python3Packages.pywebview: build fix for tests
Fixes #353686
Basically the *tests/run.sh* used upstream has a few rough edges and this replaces it with a smoother version.
An issue was also opened on the upstream project to maybe get this smoothed out generally.
Story time for those who are curious.
Basically upstream uses this as a script to call for the CI pipeline where [the builds seem to run smoothly in appveyor](https://ci.appveyor.com/project/r0x0r/pywebview/builds/50791017).
However the general structure of the script iterates over the files, which in earlier versions had been done by collecting the list of tests via pytest itself, which replaced the earliest implementation which was a file hard-coding all the tests to run.
The latter had the benefit of being able to disable tests by commenting them out on our end, however the new version, at least for our purpose, is just a more complicated version of running pytest against the entire thing.
We can't just use plain pytest however (which'd presumably be supported by nixpkgs infra already) because we still need to shove the Qt and xvfb-run shims in between.
So with running pytest as a single command we are now (with this commit) able to specifically disable tests that we know to be flakey using regular pytest means.
With the Qt wrapper function passing extra args to *makeWrapper* we can use the extra flags to pass everything we need, and with the env invocation we avoid polluting the build environment so that the *checkPhase* itself doesn't change the output.
Now on to the actual failing tests, apparently those happened to be related to relative paths which use an internal HTTP server to be served (for absolute paths this is optional), and getting rid of the cwd shenanigans which were required by the upstream version of the script (since it globbed on the current directory) means that somehow pytest now runs these tests without changing directory in a subprocess so the asset used for testing is properly accessible (before this change one could "fix" the tests by changing to an absolute path in the tests).
Signed-off-by: benaryorg <binary@benary.org>
---
.../python-modules/pywebview/default.nix | 24 ++++++++-----------
1 file changed, 10 insertions(+), 14 deletions(-)
diff --git a/pkgs/development/python-modules/pywebview/default.nix b/pkgs/development/python-modules/pywebview/default.nix
index 96b1213ca5140..6346c96c62fcc 100644
--- a/pkgs/development/python-modules/pywebview/default.nix
+++ b/pkgs/development/python-modules/pywebview/default.nix
@@ -50,21 +50,17 @@ buildPythonPackage rec {
];
checkPhase = ''
- # Cannot create directory /homeless-shelter/.... Error: FILE_ERROR_ACCESS_DENIED
- export HOME=$TMPDIR
- # QStandardPaths: XDG_RUNTIME_DIR not set
- export XDG_RUNTIME_DIR=$HOME/xdg-runtime-dir
+ # a Qt wrapper is required to run the Qt backend
+ # since the upstream script does not have a way to disable tests individually pytest is used directly instead
+ makeQtWrapper "$(command -v pytest)" tests/run.sh \
+ --set PYWEBVIEW_LOG debug \
+ --add-flags "--deselect tests/test_js_api.py::test_concurrent"
- pushd tests
- substituteInPlace run.sh \
- --replace "PYTHONPATH=.." "PYTHONPATH=$PYTHONPATH" \
- --replace "pywebviewtest test_js_api.py::test_concurrent ''${PYTEST_OPTIONS}" "# skip flaky test_js_api.py::test_concurrent"
-
- patchShebangs run.sh
- wrapQtApp run.sh
-
- xvfb-run -s '-screen 0 800x600x24' ./run.sh
- popd
+ # HOME and XDG directories are required for the tests
+ env \
+ HOME=$TMPDIR \
+ XDG_RUNTIME_DIR=$TMPDIR/xdg-runtime-dir \
+ xvfb-run -s '-screen 0 800x600x24' tests/run.sh
'';
pythonImportsCheck = [ "webview" ];


@ -1,22 +0,0 @@
From d08e25d8683ebe341d2fed24523d7604793f3414 Mon Sep 17 00:00:00 2001
From: Kira Bruneau <kira.bruneau@pm.me>
Date: Thu, 7 Nov 2024 09:36:11 -0500
Subject: [PATCH] geoclue: fix placing updateScript in passthru
---
pkgs/development/libraries/geoclue/default.nix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkgs/development/libraries/geoclue/default.nix b/pkgs/development/libraries/geoclue/default.nix
index d30c0b411796d..2b1e203c78089 100644
--- a/pkgs/development/libraries/geoclue/default.nix
+++ b/pkgs/development/libraries/geoclue/default.nix
@@ -94,7 +94,7 @@ stdenv.mkDerivation (finalAttrs: {
patchShebangs demo/install-file.py
'';
- updateScript = nix-update-script {};
+ passthru.updateScript = nix-update-script {};
meta = with lib; {
broken = stdenv.hostPlatform.isDarwin && withDemoAgent;


@ -1,47 +0,0 @@
From 477814140bcda31e08798ce9dc5ac8f55872d64c Mon Sep 17 00:00:00 2001
From: Petr Portnov <mrjarviscraft+nix@gmail.com>
Date: Wed, 18 Dec 2024 21:07:51 +0300
Subject: [PATCH] anydesk: add missing dependencies
---
pkgs/by-name/an/anydesk/package.nix | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/pkgs/by-name/an/anydesk/package.nix b/pkgs/by-name/an/anydesk/package.nix
index 00f6c2354a45f..ceb25c775d6c8 100644
--- a/pkgs/by-name/an/anydesk/package.nix
+++ b/pkgs/by-name/an/anydesk/package.nix
@@ -11,7 +11,10 @@
gdk-pixbuf,
glib,
gnome2,
- gtk2,
+ gtk3,
+ dbus,
+ harfbuzz,
+ libz,
libGLU,
libGL,
pango,
@@ -48,7 +51,10 @@ stdenv.mkDerivation (finalAttrs: {
cairo
gdk-pixbuf
glib
- gtk2
+ gtk3
+ dbus
+ harfbuzz
+ libz
stdenv.cc.cc
pango
gnome2.gtkglext
@@ -123,7 +129,8 @@ stdenv.mkDerivation (finalAttrs: {
lsb-release
pciutils
]
- }
+ } \
+ --prefix GDK_BACKEND : x11
'';
passthru = {


@ -1,13 +0,0 @@
diff --git a/src/libutil/current-process.cc b/src/libutil/current-process.cc
index 352a6a0..7435f58 100644
--- a/src/libutil/current-process.cc
+++ b/src/libutil/current-process.cc
@@ -35,6 +35,8 @@ unsigned int getMaxCPU()
auto cpuMax = readFile(cpuFile);
auto cpuMaxParts = tokenizeString<std::vector<std::string>>(cpuMax, " \n");
+ if (cpuMaxParts.size() != 2)
+ return 0;
auto quota = cpuMaxParts[0];
auto period = cpuMaxParts[1];
if (quota != "max")


@ -0,0 +1,22 @@
diff --git a/src/managers/input/Tablets.cpp b/src/managers/input/Tablets.cpp
index 0952a7d..f61d818 100644
--- a/src/managers/input/Tablets.cpp
+++ b/src/managers/input/Tablets.cpp
@@ -159,13 +159,12 @@ void CInputManager::onTabletAxis(CTablet::SAxisEvent e) {
void CInputManager::onTabletTip(CTablet::STipEvent e) {
const auto PTAB = e.tablet;
const auto PTOOL = ensureTabletToolPresent(e.tool);
- const auto POS = e.tip;
- g_pPointerManager->warpAbsolute(POS, PTAB);
- refocusTablet(PTAB, PTOOL, true);
- if (e.in)
+ if (e.in) {
+ simulateMouseMovement();
+ refocusTablet(PTAB, PTOOL);
PROTO::tablet->down(PTOOL);
- else
+ } else
PROTO::tablet->up(PTOOL);
PTOOL->isDown = e.in;


@ -1,603 +0,0 @@
diff --git a/nixos/modules/services/networking/netbird.nix b/nixos/modules/services/networking/netbird.nix
index 7add37789..0160a8964 100644
--- a/nixos/modules/services/networking/netbird.nix
+++ b/nixos/modules/services/networking/netbird.nix
@@ -1,73 +1,155 @@
-{
- config,
- lib,
- pkgs,
- ...
+{ config
+, lib
+, pkgs
+, ...
}:
let
inherit (lib)
- attrNames
+ attrValues
+ concatLists
+ concatStringsSep
+ escapeShellArgs
+ filterAttrs
getExe
literalExpression
maintainers
+ makeBinPath
mapAttrs'
+ mapAttrsToList
mkDefault
- mkEnableOption
mkIf
mkMerge
mkOption
+ mkOptionDefault
mkPackageOption
+ mkRemovedOptionModule
nameValuePair
optional
+ optionalString
+ toShellVars
+ versionAtLeast
versionOlder
;
inherit (lib.types)
attrsOf
+ bool
+ enum
+ package
port
str
submodule
;
- kernel = config.boot.kernelPackages;
+ inherit (config.boot) kernelPackages;
+ inherit (config.boot.kernelPackages) kernel;
cfg = config.services.netbird;
+
+ toClientList = fn: map fn (attrValues cfg.clients);
+ toClientAttrs = fn: mapAttrs' (_: fn) cfg.clients;
+
+ hardenedClients = filterAttrs (_: client: client.hardened) cfg.clients;
+ toHardenedClientList = fn: map fn (attrValues hardenedClients);
+ toHardenedClientAttrs = fn: mapAttrs' (_: fn) hardenedClients;
+
+ nixosConfig = config;
in
{
meta.maintainers = with maintainers; [
misuzu
- thubrecht
+ nazarewk
];
meta.doc = ./netbird.md;
+ imports = [
+ (mkRemovedOptionModule [ "services" "netbird" "tunnels" ]
+ "The option `services.netbird.tunnels` has been renamed to `services.netbird.clients`")
+ ];
+
options.services.netbird = {
- enable = mkEnableOption "Netbird daemon";
+ enable = mkOption {
+ type = bool;
+ default = false;
+ description = ''
+ Enables backwards compatible Netbird client service.
+
+ This is strictly equivalent to:
+
+ ```nix
+ services.netbird.clients.wt0 = {
+ port = 51820;
+ name = "netbird";
+ interface = "wt0";
+ hardened = false;
+ };
+ ```
+ '';
+ };
package = mkPackageOption pkgs "netbird" { };
- tunnels = mkOption {
+ ui.enable = mkOption {
+ type = bool;
+ default = config.services.displayManager.sessionPackages != [ ] || config.services.xserver.enable;
+ defaultText = literalExpression ''
+ config.services.displayManager.sessionPackages != [ ] || config.services.xserver.enable
+ '';
+ description = ''
+ Controls presence `netbird-ui` wrappers, defaults to presence of graphical sessions.
+ '';
+ };
+ ui.package = mkPackageOption pkgs "netbird-ui" { };
+
+ clients = mkOption {
type = attrsOf (
submodule (
{ name, config, ... }:
+ let client = config; in
{
options = {
port = mkOption {
type = port;
- default = 51820;
+ example = literalExpression "51820";
description = ''
- Port for the ${name} netbird interface.
+ Port the Netbird client listens on.
'';
};
+ name = mkOption {
+ type = str;
+ default = name;
+ description = ''
+ Primary name for use (as a suffix) in:
+ - systemd service name,
+ - hardened user name and group,
+ - [systemd `*Directory=`](https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#RuntimeDirectory=) names,
+ - desktop application identification,
+ '';
+ };
+
+ interface = mkOption {
+ type = str;
+ default = "nb-${client.name}";
+ description = ''
+ Name of the network interface managed by this client.
+ '';
+ apply = iface:
+ lib.throwIfNot (builtins.stringLength iface <= 15) "Network interface name must be 15 characters or less"
+ iface;
+ };
+
environment = mkOption {
type = attrsOf str;
defaultText = literalExpression ''
{
- NB_CONFIG = "/var/lib/''${stateDir}/config.json";
- NB_LOG_FILE = "console";
- NB_WIREGUARD_PORT = builtins.toString port;
- NB_INTERFACE_NAME = name;
- NB_DAMEON_ADDR = "/var/run/''${stateDir}"
+ NB_CONFIG = "/var/lib/netbird-''${client.name}/config.json";
+ NB_DAEMON_ADDR = "unix:///var/run/netbird-''${client.name}/sock";
+ NB_INTERFACE_NAME = config.interface;
+ NB_LOG_FILE = mkOptionDefault "console";
+ NB_LOG_LEVEL = config.logLevel;
+ NB_SERVICE = "netbird-''${client.name}";
+ NB_WIREGUARD_PORT = toString config.port;
}
'';
description = ''
@@ -75,97 +157,361 @@ in
'';
};
- stateDir = mkOption {
- type = str;
- default = "netbird-${name}";
+ autoStart = mkOption {
+ type = bool;
+ default = true;
+ description = ''
+ Start the service with the system.
+
+ As of 2024-02-13 it is not possible to start a Netbird client daemon without immediately
+ connecting to the network, but it is [planned for a near future](https://github.com/netbirdio/netbird/projects/2#card-91718018).
+ '';
+ };
+
+ openFirewall = mkOption {
+ type = bool;
+ default = true;
+ description = ''
+ Opens up firewall `port` for communication between Netbird peers directly over LAN or public IP,
+ without using (internet-hosted) TURN servers as intermediaries.
+ '';
+ };
+
+ hardened = mkOption {
+ type = bool;
+ default = true;
description = ''
- Directory storing the netbird configuration.
+ Hardened service:
+ - runs as a dedicated user with minimal set of permissions (see caveats),
+ - restricts daemon configuration socket access to dedicated user group
+ (you can grant access to it with `users.users."<user>".extraGroups = [ "netbird-${client.name}" ]`),
+
+ Even though the local system resources access is restricted:
+ - `CAP_NET_RAW`, `CAP_NET_ADMIN` and `CAP_BPF` still give unlimited network manipulation possibilites,
+ - older kernels don't have `CAP_BPF` and use `CAP_SYS_ADMIN` instead,
+
+ Known security features that are not (yet) integrated into the module:
+ - 2024-02-14: `rosenpass` is an experimental feature configurable solely
+ through `--enable-rosenpass` flag on the `netbird up` command,
+ see [the docs](https://docs.netbird.io/how-to/enable-post-quantum-cryptography)
+ '';
+ };
+
+ logLevel = mkOption {
+ type = enum [
+ # logrus loglevels
+ "panic"
+ "fatal"
+ "error"
+ "warn"
+ "warning"
+ "info"
+ "debug"
+ "trace"
+ ];
+ default = "info";
+ description = "Log level of the Netbird daemon.";
+ };
+
+ ui.enable = mkOption {
+ type = bool;
+ default = nixosConfig.services.netbird.ui.enable;
+ defaultText = literalExpression ''config.ui.enable'';
+ description = ''
+ Controls presence of `netbird-ui` wrapper for this Netbird client.
+ '';
+ };
+
+ wrapper = mkOption {
+ type = package;
+ internal = true;
+ default =
+ let
+ makeWrapperArgs = concatLists (mapAttrsToList
+ (key: value: [ "--set-default" key value ])
+ config.environment
+ );
+ in
+ pkgs.stdenv.mkDerivation {
+ name = "${cfg.package.name}-wrapper-${client.name}";
+ meta.mainProgram = "netbird-${client.name}";
+ nativeBuildInputs = with pkgs; [ makeWrapper ];
+ phases = [ "installPhase" ];
+ installPhase = concatStringsSep "\n" [
+ ''
+ mkdir -p "$out/bin"
+ makeWrapper ${lib.getExe cfg.package} "$out/bin/netbird-${client.name}" \
+ ${escapeShellArgs makeWrapperArgs}
+ ''
+ (optionalString cfg.ui.enable ''
+ # netbird-ui doesn't support envvars
+ makeWrapper ${lib.getExe cfg.ui.package} "$out/bin/netbird-ui-${client.name}" \
+ --add-flags '--daemon-addr=${config.environment.NB_DAEMON_ADDR}'
+
+ mkdir -p "$out/share/applications"
+ substitute ${cfg.ui.package}/share/applications/netbird.desktop \
+ "$out/share/applications/netbird-${client.name}.desktop" \
+ --replace-fail 'Name=Netbird' "Name=Netbird @ netbird-${client.name}" \
+ --replace-fail '${lib.getExe cfg.ui.package}' "$out/bin/netbird-ui-${client.name}"
+ '')
+ ];
+ };
+ };
+
+ # see https://github.com/netbirdio/netbird/blob/88747e3e0191abc64f1e8c7ecc65e5e50a1527fd/client/internal/config.go#L49-L82
+ config = mkOption {
+ type = (pkgs.formats.json { }).type;
+ defaultText = literalExpression ''
+ {
+ DisableAutoConnect = !config.autoStart;
+ WgIface = config.interface;
+ WgPort = config.port;
+ }
+ '';
+ description = ''
+ Additional configuration that exists before the first start and
+ later overrides the existing values in `config.json`.
+
+ It is mostly helpful to manage configuration ignored/not yet implemented
+ outside of `netbird up` invocation.
+
+ WARNING: this is not an upstream feature, it could break in the future
+ (by having lower priority) after upstream implements an equivalent.
+
+ It is implemented as a `preStart` script which overrides `config.json`
+ with content of `/etc/netbird-${client.name}/config.d/*.json` files.
+ This option manages specifically `50-nixos.json` file.
+
+ Consult [the source code](https://github.com/netbirdio/netbird/blob/88747e3e0191abc64f1e8c7ecc65e5e50a1527fd/client/internal/config.go#L49-L82)
+ or inspect existing file for a complete list of available configurations.
'';
};
};
- config.environment = builtins.mapAttrs (_: mkDefault) {
- NB_CONFIG = "/var/lib/${config.stateDir}/config.json";
- NB_LOG_FILE = "console";
- NB_WIREGUARD_PORT = builtins.toString config.port;
- NB_INTERFACE_NAME = name;
- NB_DAEMON_ADDR = "unix:///var/run/${config.stateDir}/sock";
+ config.environment = {
+ NB_CONFIG = "/var/lib/netbird-${client.name}/config.json";
+ NB_DAEMON_ADDR = "unix:///var/run/netbird-${client.name}/sock";
+ NB_INTERFACE_NAME = config.interface;
+ NB_LOG_FILE = mkOptionDefault "console";
+ NB_LOG_LEVEL = config.logLevel;
+ NB_SERVICE = "netbird-${client.name}";
+ NB_WIREGUARD_PORT = toString config.port;
+ };
+
+ config.config = {
+ DisableAutoConnect = !config.autoStart;
+ WgIface = config.interface;
+ WgPort = config.port;
};
}
)
);
default = { };
description = ''
- Attribute set of Netbird tunnels, each one will spawn a daemon listening on ...
+ Attribute set of Netbird client daemons, by default each one will:
+
+ 1. be manageable using dedicated tooling:
+ - `netbird-<name>` script,
+ - `Netbird - netbird-<name>` graphical interface when appropriate (see `ui.enable`),
+ 2. run as a `netbird-<name>.service`,
+ 3. listen for incoming remote connections on the port `51820` (`openFirewall` by default),
+ 4. manage the `netbird-<name>` wireguard interface,
+ 5. use the `/var/lib/netbird-<name>/config.json` configuration file,
+ 6. override `/var/lib/netbird-<name>/config.json` with values from `/etc/netbird-<name>/config.d/*.json`,
+ 7. (`hardened`) be locally manageable by `netbird-<name>` system group,
+
+ With following caveats:
+
+ - multiple daemons will interfere with each other's DNS resolution of `netbird.cloud`, but
+ should remain fully operational otherwise.
+ Setting up custom (non-conflicting) DNS zone is currently possible only when self-hosting.
+ '';
+ example = lib.literalExpression ''
+ {
+ services.netbird.clients.wt0.port = 51820;
+ services.netbird.clients.personal.port = 51821;
+ services.netbird.clients.work1.port = 51822;
+ }
'';
};
};
config = mkMerge [
- (mkIf cfg.enable {
- # For backwards compatibility
- services.netbird.tunnels.wt0.stateDir = "netbird";
- })
+ (mkIf cfg.enable (
+ let name = "wt0"; client = cfg.clients."${name}"; in {
+ services.netbird.clients."${name}" = {
+ port = mkDefault 51820;
+ name = mkDefault "netbird";
+ interface = mkDefault "wt0";
+ hardened = mkDefault false;
+ };
- (mkIf (cfg.tunnels != { }) {
- boot.extraModulePackages = optional (versionOlder kernel.kernel.version "5.6") kernel.wireguard;
+ environment.systemPackages = [
+ (lib.hiPrio (pkgs.runCommand "${client.name}-as-default" { } ''
+ mkdir -p "$out/bin"
+ for binary in netbird ${optionalString cfg.ui.enable "netbird-ui"} ; do
+ ln -s "${client.wrapper}/bin/$binary-${client.name}" "$out/bin/$binary"
+ done
+ ''))
+ ];
+ }
+ ))
+ {
+ boot.extraModulePackages = optional
+ (cfg.clients != { } && (versionOlder kernel.version "5.6"))
+ kernelPackages.wireguard;
- environment.systemPackages = [ cfg.package ];
+ environment.systemPackages =
+ toClientList (client: client.wrapper)
+ # omitted due to https://github.com/netbirdio/netbird/issues/1562
+ #++ optional (cfg.clients != { }) cfg.package
+ # omitted due to https://github.com/netbirdio/netbird/issues/1581
+ #++ optional (cfg.clients != { } && cfg.ui.enable) cfg.ui.package
+ ;
- networking.dhcpcd.denyInterfaces = attrNames cfg.tunnels;
+ networking.dhcpcd.denyInterfaces = toClientList (client: client.interface);
+ networking.networkmanager.unmanaged = toClientList (client: "interface-name:${client.interface}");
- systemd.network.networks = mkIf config.networking.useNetworkd (
- mapAttrs'
- (
- name: _:
- nameValuePair "50-netbird-${name}" {
- matchConfig = {
- Name = name;
- };
- linkConfig = {
- Unmanaged = true;
- ActivationPolicy = "manual";
- };
- }
- )
- cfg.tunnels
- );
+ networking.firewall.allowedUDPPorts = concatLists (toClientList (client: optional client.openFirewall client.port));
- systemd.services =
- mapAttrs'
- (
- name:
- { environment, stateDir, ... }:
- nameValuePair "netbird-${name}" {
- description = "A WireGuard-based mesh network that connects your devices into a single private network";
+ systemd.network.networks = mkIf config.networking.useNetworkd (toClientAttrs (client:
+ nameValuePair "50-netbird-${client.interface}" {
+ matchConfig = {
+ Name = client.interface;
+ };
+ linkConfig = {
+ Unmanaged = true;
+ ActivationPolicy = "manual";
+ };
+ }
+ ));
- documentation = [ "https://netbird.io/docs/" ];
+ environment.etc = toClientAttrs (client: nameValuePair "netbird-${client.name}/config.d/50-nixos.json" {
+ text = builtins.toJSON client.config;
+ mode = "0444";
+ });
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
+ systemd.services = toClientAttrs (client: nameValuePair "netbird-${client.name}" {
+ description = "A WireGuard-based mesh network that connects your devices into a single private network";
- path = with pkgs; [ openresolv ];
+ documentation = [ "https://netbird.io/docs/" ];
- inherit environment;
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- ExecStart = "${getExe cfg.package} service run";
- Restart = "always";
- RuntimeDirectory = stateDir;
- StateDirectory = stateDir;
- StateDirectoryMode = "0700";
- WorkingDirectory = "/var/lib/${stateDir}";
- };
+ path = optional (!config.services.resolved.enable) pkgs.openresolv;
- unitConfig = {
- StartLimitInterval = 5;
- StartLimitBurst = 10;
- };
+ serviceConfig = {
+ ExecStart = "${getExe client.wrapper} service run";
+ Restart = "always";
+
+ RuntimeDirectory = "netbird-${client.name}";
+ RuntimeDirectoryMode = mkDefault "0755";
+ ConfigurationDirectory = "netbird-${client.name}";
+ StateDirectory = "netbird-${client.name}";
+ StateDirectoryMode = "0700";
+
+ WorkingDirectory = "/var/lib/netbird-${client.name}";
+ };
+
+ unitConfig = {
+ StartLimitInterval = 5;
+ StartLimitBurst = 10;
+ };
+
+ stopIfChanged = false;
+ });
+ }
+ # Hardening section
+ (mkIf (hardenedClients != { }) {
+ users.groups = toHardenedClientAttrs (client: nameValuePair "netbird-${client.name}" { });
+ users.users = toHardenedClientAttrs (client: nameValuePair "netbird-${client.name}" {
+ isSystemUser = true;
+ home = "/var/lib/netbird-${client.name}";
+ group = "netbird-${client.name}";
+ });
+
+ systemd.services = toHardenedClientAttrs (client: nameValuePair "netbird-${client.name}" (mkIf client.hardened {
+ serviceConfig = {
+ RuntimeDirectoryMode = "0750";
+
+ User = "netbird-${client.name}";
+ Group = "netbird-${client.name}";
+
+ # settings implied by DynamicUser=true, without actully using it,
+ # see https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#DynamicUser=
+ RemoveIPC = true;
+ PrivateTmp = true;
+ ProtectSystem = "strict";
+ ProtectHome = "yes";
- stopIfChanged = false;
- }
- )
- cfg.tunnels;
+ AmbientCapabilities = [
+ # see https://man7.org/linux/man-pages/man7/capabilities.7.html
+ # see https://docs.netbird.io/how-to/installation#running-net-bird-in-docker
+ #
+ # seems to work fine without CAP_SYS_ADMIN and CAP_SYS_RESOURCE
+ # CAP_NET_BIND_SERVICE could be added to allow binding on low ports, but is not required,
+ # see https://github.com/netbirdio/netbird/pull/1513
+
+ # failed creating tunnel interface wt-priv: [operation not permitted
+ "CAP_NET_ADMIN"
+ # failed to pull up wgInterface [wt-priv]: failed to create ipv4 raw socket: socket: operation not permitted
+ "CAP_NET_RAW"
+ ]
+ # required for eBPF filter, used to be subset of CAP_SYS_ADMIN
+ ++ optional (versionAtLeast kernel.version "5.8") "CAP_BPF"
+ ++ optional (versionOlder kernel.version "5.8") "CAP_SYS_ADMIN"
+ ;
+ };
+ }));
+
+ # see https://github.com/systemd/systemd/blob/17f3e91e8107b2b29fe25755651b230bbc81a514/src/resolve/org.freedesktop.resolve1.policy#L43-L43
+ security.polkit.extraConfig = mkIf config.services.resolved.enable ''
+ // systemd-resolved access for Netbird clients
+ polkit.addRule(function(action, subject) {
+ var actions = [
+ "org.freedesktop.resolve1.set-dns-servers",
+ "org.freedesktop.resolve1.set-domains",
+ ];
+ var users = ${builtins.toJSON (toHardenedClientList (client: "netbird-${client.name}"))};
+
+ if (actions.indexOf(action.id) >= 0 && users.indexOf(subject.user) >= 0 ) {
+ return polkit.Result.YES;
+ }
+ });
+ '';
})
+ # migration & temporary fixups section
+ {
+ systemd.services = toClientAttrs (client: nameValuePair "netbird-${client.name}" {
+ preStart = ''
+ set -eEuo pipefail
+ ${optionalString (client.logLevel == "trace" || client.logLevel == "debug") "set -x"}
+
+ PATH="${makeBinPath (with pkgs; [coreutils jq diffutils])}:$PATH"
+ export ${toShellVars client.environment}
+
+ # merge /etc/netbird-${client.name}/config.d' into "$NB_CONFIG"
+ {
+ test -e "$NB_CONFIG" || echo -n '{}' > "$NB_CONFIG"
+
+ # merge config.d with "$NB_CONFIG" into "$NB_CONFIG.new"
+ jq -sS 'reduce .[] as $i ({}; . * $i)' \
+ "$NB_CONFIG" \
+ /etc/netbird-${client.name}/config.d/*.json \
+ > "$NB_CONFIG.new"
+
+ echo "Comparing $NB_CONFIG with $NB_CONFIG.new ..."
+ if ! diff <(jq -S <"$NB_CONFIG") "$NB_CONFIG.new" ; then
+ echo "Updating $NB_CONFIG ..."
+ mv "$NB_CONFIG.new" "$NB_CONFIG"
+ else
+ echo "Files are the same, not doing anything."
+ rm "$NB_CONFIG.new"
+ fi
+ }
+ '';
+ });
+ }
];
}


@ -1,5 +1,5 @@
diff --git a/nixos/modules/services/web-apps/onlyoffice.nix b/nixos/modules/services/web-apps/onlyoffice.nix
index d56a4d66283c..c3f8323a5ddf 100644
index f56dfd341dcc..c3f8323a5ddf 100644
--- a/nixos/modules/services/web-apps/onlyoffice.nix
+++ b/nixos/modules/services/web-apps/onlyoffice.nix
@@ -82,119 +82,6 @@ in
@ -29,27 +29,27 @@ index d56a4d66283c..c3f8323a5ddf 100644
- virtualHosts.${cfg.hostname} = {
- locations = {
- # /etc/nginx/includes/ds-docservice.conf
- "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(web-apps\/apps\/api\/documents\/api\.js)$".extraConfig =
- "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(web-apps\\/apps\\/api\\/documents\\/api\\.js)$".extraConfig =
- ''
- expires -1;
- alias ${cfg.package}/var/www/onlyoffice/documentserver/$2;
- '';
- "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(web-apps)(\/.*\.json)$".extraConfig = ''
- "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(web-apps)(\\/.*\\.json)$".extraConfig = ''
- expires 365d;
- error_log /dev/null crit;
- alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
- '';
- "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(sdkjs-plugins)(\/.*\.json)$".extraConfig = ''
- "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(sdkjs-plugins)(\\/.*\\.json)$".extraConfig = ''
- expires 365d;
- error_log /dev/null crit;
- alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
- '';
- "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(web-apps|sdkjs|sdkjs-plugins|fonts)(\/.*)$".extraConfig =
- "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(web-apps|sdkjs|sdkjs-plugins|fonts)(\\/.*)$".extraConfig =
- ''
- expires 365d;
- alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
- '';
- "~* ^(\/cache\/files.*)(\/.*)".extraConfig = ''
- "~* ^(\\/cache\\/files.*)(\\/.*)".extraConfig = ''
- alias /var/lib/onlyoffice/documentserver/App_Data$1;
- add_header Content-Disposition "attachment; filename*=UTF-8''$arg_filename";
-
@ -65,12 +65,12 @@ index d56a4d66283c..c3f8323a5ddf 100644
- return 410;
- }
- '';
- "~* ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(internal)(\/.*)$".extraConfig = ''
- "~* ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(internal)(\\/.*)$".extraConfig = ''
- allow 127.0.0.1;
- deny all;
- proxy_pass http://onlyoffice-docservice/$2$3;
- '';
- "~* ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(info)(\/.*)$".extraConfig = ''
- "~* ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(info)(\\/.*)$".extraConfig = ''
- allow 127.0.0.1;
- deny all;
- proxy_pass http://onlyoffice-docservice/$2$3;
@ -78,19 +78,19 @@ index d56a4d66283c..c3f8323a5ddf 100644
- "/".extraConfig = ''
- proxy_pass http://onlyoffice-docservice;
- '';
- "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?(\/doc\/.*)".extraConfig = ''
- "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?(\\/doc\\/.*)".extraConfig = ''
- proxy_pass http://onlyoffice-docservice$2;
- proxy_http_version 1.1;
- '';
- "/${cfg.package.version}/".extraConfig = ''
- proxy_pass http://onlyoffice-docservice/;
- '';
- "~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(dictionaries)(\/.*)$".extraConfig = ''
- "~ ^(\\/[\\d]+\\.[\\d]+\\.[\\d]+[\\.|-][\\d]+)?\\/(dictionaries)(\\/.*)$".extraConfig = ''
- expires 365d;
- alias ${cfg.package}/var/www/onlyoffice/documentserver/$2$3;
- '';
- # /etc/nginx/includes/ds-example.conf
- "~ ^(\/welcome\/.*)$".extraConfig = ''
- "~ ^(\\/welcome\\/.*)$".extraConfig = ''
- expires 365d;
- alias ${cfg.package}/var/www/onlyoffice/documentserver-example$1;
- index docker.html;


@ -1,16 +0,0 @@
diff --git a/pkgs/os-specific/linux/zfs/2_2.nix b/pkgs/os-specific/linux/zfs/2_2.nix
index 9e3fde0780f0..9165ab4d5d1b 100644
--- a/pkgs/os-specific/linux/zfs/2_2.nix
+++ b/pkgs/os-specific/linux/zfs/2_2.nix
@@ -15,9 +15,9 @@ callPackage ./generic.nix args {
# this attribute is the correct one for this package.
kernelModuleAttribute = "zfs_2_2";
# check the release notes for compatible kernels
- kernelCompatible = kernel.kernelOlder "6.10";
+ kernelCompatible = kernel.kernelOlder "6.11";
- latestCompatibleLinuxPackages = linuxKernel.packages.linux_6_6;
+ latestCompatibleLinuxPackages = linuxKernel.packages.linux_6_10;
# this package should point to the latest release.
version = "2.2.5";


@ -3,6 +3,22 @@
programs.steam.extraCompatPackages = [
pkgs.proton-ge-bin
];
programs.steam.gamescopeSession.enable = true;
programs.steam.gamescopeSession.env = {
MANGOHUD = "1";
CONNECTOR = "*,DP-3";
};
programs.steam.gamescopeSession.args = [
"-w 2560"
"-h 1440"
"-W 2560"
"-H 1440"
"-r 144"
"--hdr-enabled"
"--hdr-itm-enable"
"--adaptive-sync"
];
programs.gamescope.enable = true;
programs.gamescope.capSysNice = false;


@ -0,0 +1,16 @@
{ ... }: {
services.sunshine = {
enable = true;
autoStart = true;
capSysAdmin = true;
openFirewall = true;
};
# boot.kernelModules = [ "uinput" ];
# services.udev.extraRules = ''
# KERNEL=="uinput", GROUP="input", MODE="0660" OPTIONS+="static_node=uinput"
# '';
persist.state.homeDirectories = [ ".config/sunshine" ];
}
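Review bot: `capSysAdmin = true` and `openFirewall = true` are switched on together in this new file, so a service that (per the option name) is granted CAP_SYS_ADMIN becomes reachable on its streaming ports from every interface the firewall covers. Unless this host only ever sits on a trusted LAN or VPN, I would set `openFirewall = false;` and allow the ports on the trusted interface only, via `networking.firewall.interfaces.<iface>.allowedTCPPorts` and `allowedUDPPorts` (`<iface>` is a placeholder). The capability is, as far as I know, needed only for KMS/DRM capture, so a comment such as `# CAP_SYS_ADMIN: needed for KMS capture, drop if another capture backend works` would record why it is enabled. The commented-out `uinput` lines look like leftovers from the hand-written module this replaces and can be deleted if the upstream module already covers them.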


@ -6,7 +6,7 @@
pkgs.osu-lazer-bin
pkgs.protonup-qt
pkgs.realrtcw
pkgs.umu-launcher
# pkgs.umu-launcher
pkgs.wine
];
persist.state.homeDirectories = [


@ -47,6 +47,7 @@ with config.deviceSpecific; {
yt-dlp
# ---- gui ----
bitwarden
foliate
jellyfin-mpv-shim
jellyfin-media-player
obs-studio
@ -62,11 +63,11 @@ with config.deviceSpecific; {
webcord-vencord
youtube-to-mpv
] ++ lib.optionals isGaming [
ceserver
# ceserver
gamescope
protonhax
protontricks
vkBasalt
# protontricks
# vkBasalt
# wine
# winetricks
];
@ -89,6 +90,7 @@ with config.deviceSpecific; {
".config/Sonixd"
".config/WebCord"
".config/xarchiver"
".local/share/com.github.johnfactotum.Foliate"
".local/share/jellyfinmediaplayer"
".local/share/tor-browser"
".android"


@ -1,31 +0,0 @@
{ config, pkgs, ... }: {
boot.kernelModules = [ "uinput" ];
services.udev.extraRules = ''
KERNEL=="uinput", GROUP="input", MODE="0660" OPTIONS+="static_node=uinput"
'';
environment.systemPackages = [ pkgs.sunshine ];
security.wrappers.sunshine = {
owner = "root";
group = "root";
capabilities = "cap_sys_admin+p";
source = "${pkgs.sunshine}/bin/sunshine";
};
systemd.user.services.sunshine = {
description = "sunshine";
wantedBy = [ "graphical-session.target" ];
serviceConfig = {
ExecStart = "${config.security.wrapperDir}/sunshine";
};
};
networking.firewall = {
allowedTCPPorts = [ 47984 47989 47990 48010 ];
allowedUDPPorts = [ 47998 47999 48000 48002 48010 ];
};
persist.state.homeDirectories = [ ".config/sunshine" ];
}


@ -5,7 +5,7 @@ let
ApiLevel = 30
'';
in {
config = lib.mkIf config.deviceSpecific.isGaming {
config = {
environment.etc."gbinder.d/waydroid.conf".source = lib.mkForce waydroidGbinderConf;
virtualisation.waydroid.enable = true;
home-manager.users.${config.mainuser}.home.packages = [ pkgs.waydroid-script ];


@ -20,10 +20,12 @@ with lib; {
attic-client = inputs.attic.packages.${system}.attic;
attic-server = inputs.attic.packages.${system}.attic-server;
cassowary-py = inputs.cassowary.packages.${system}.cassowary;
heroic = (prev.heroic.override { extraPkgs = pkgs: [ final.umu-launcher ]; });
# heroic = (prev.heroic.override { extraPkgs = pkgs: [ final.umu-launcher ]; });
nix-alien = inputs.nix-alien.packages.${system}.nix-alien;
nix-fast-build = inputs.nix-fast-build.packages.${system}.default;
nix-index-update = inputs.nix-alien.packages.${system}.nix-index-update;
osu-lazer = master.osu-lazer;
osu-lazer-bin = master.osu-lazer-bin;
prismlauncher = inputs.prismlauncher.packages.${system}.prismlauncher.override {
jdks = [ pkgs.temurin-bin ];
};
@ -35,7 +37,7 @@ with lib; {
steam = prev.steam.override {
extraPkgs = pkgs: with pkgs; [ mono libkrb5 keyutils ];
};
umu-launcher = inputs.umu.packages.${system}.umu;
# umu-launcher = inputs.umu.packages.${system}.umu;
wine = prev.wineWow64Packages.stagingFull;
intel-vaapi-driver = prev.intel-vaapi-driver.override { enableHybridCodec = true; };
@ -48,6 +50,15 @@ with lib; {
'';
});
hyprland = prev.hyprland.overrideAttrs (oa: {
patches = (oa.patches or []) ++ [
../patches/hyprland-tablet.patch
];
});
maa-assistant-arknights = prev.maa-assistant-arknights.overrideAttrs (_: {
env.NIX_CFLAGS_COMPILE = "-Wno-error=maybe-uninitialized";
});
neatvnc = prev.neatvnc.overrideAttrs (oa: {
patches = [ ../patches/neatvnc.patch ] ++ oa.patches or [ ];
});
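Review bot: The `maa-assistant-arknights` override in the last hunk assigns `env.NIX_CFLAGS_COMPILE` as a fresh attribute, and because `overrideAttrs` merges shallowly this replaces the package's whole `env` set, dropping any variables or flags it already carried. Appending keeps them: `env = (oa.env or { }) // { NIX_CFLAGS_COMPILE = "${oa.env.NIX_CFLAGS_COMPILE or ""} -Wno-error=maybe-uninitialized"; };`, with the lambda argument renamed from `_` to `oa`. A one-line comment naming the build failure being silenced and when the override can be removed would also help, since `-Wno-error` workarounds tend to outlive the problem they were added for.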


@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: {
security.rtkit.enable = true;
hardware.pulseaudio.enable = lib.mkForce false;
services.pulseaudio.enable = false;
services.jack.jackd.enable = lib.mkForce false;
services.pipewire = {


@ -77,16 +77,5 @@ with config.deviceSpecific; {
"/var/lib/libvirt"
"/var/lib/containers"
];
# cross compilation of aarch64 uefi currently broken
# link existing extracted from fedora package
system.activationScripts.aarch64-ovmf = lib.mkIf (!isServer) {
text = ''
rm -f /run/libvirt/nix-ovmf/AAVMF_*
mkdir -p /run/libvirt/nix-ovmf || true
${pkgs.zstd}/bin/zstd -d ${../misc/AAVMF_CODE.fd.zst} -o /run/libvirt/nix-ovmf/AAVMF_CODE.fd
${pkgs.zstd}/bin/zstd -d ${../misc/AAVMF_VARS.fd.zst} -o /run/libvirt/nix-ovmf/AAVMF_VARS.fd
'';
};
};
}


@ -1,8 +1,8 @@
{ cfg }: { config, pkgs, lib, inputs, ... }: {
catppuccin.accent = cfg.accent;
catppuccin.flavor = cfg.flavor;
boot.loader.grub.catppuccin.enable = true;
console.catppuccin.enable = true;
catppuccin.grub.enable = true;
catppuccin.tty.enable = true;
environment.systemPackages = [
pkgs.libsForQt5.qtstyleplugin-kvantum
@ -13,25 +13,23 @@
catppuccin.accent = cfg.accent;
catppuccin.flavor = cfg.flavor;
qt.style.catppuccin.enable = true;
qt.style.catppuccin.apply = true;
services.mako.catppuccin.enable = true;
programs = {
bat.catppuccin.enable = true;
bottom.catppuccin.enable = true;
fzf.catppuccin.enable = true;
gitui.catppuccin.enable = true;
glamour.catppuccin.enable = true;
kitty.catppuccin.enable = true;
micro.catppuccin.enable = true;
mpv.catppuccin.enable = true;
rofi.catppuccin.enable = true;
zathura.catppuccin.enable = true;
zsh.syntaxHighlighting.enable = true;
zsh.syntaxHighlighting.catppuccin.enable = true;
waybar.catppuccin.enable = true;
waybar.catppuccin.mode = "createLink";
};
catppuccin.bat.enable = true;
catppuccin.bottom.enable = true;
catppuccin.fzf.enable = true;
catppuccin.gitui.enable = true;
catppuccin.glamour.enable = true;
catppuccin.kitty.enable = true;
catppuccin.kvantum.apply = true;
catppuccin.kvantum.enable = true;
catppuccin.mako.enable = true;
catppuccin.micro.enable = true;
catppuccin.mpv.enable = true;
catppuccin.rofi.enable = true;
catppuccin.waybar.enable = true;
catppuccin.waybar.mode = "createLink";
catppuccin.zathura.enable = true;
catppuccin.zsh-syntax-highlighting.enable = true;
programs.zsh.syntaxHighlighting.enable = true;
wayland.windowManager.hyprland.extraConfig = ''
exec=hyprctl setcursor catppuccin-${cfg.flavor}-${cfg.accent}-cursors ${toString cfg.thm.cursorSize}


@ -2,9 +2,9 @@
let
thm = config.lib.base16.theme;
in {
environment.sessionVariables = {
XCURSOR_PATH = lib.mkForce "/home/${config.mainuser}/.icons";
};
# environment.sessionVariables = {
# XCURSOR_PATH = lib.mkForce "/home/${config.mainuser}/.icons";
# };
home-manager.users.${config.mainuser} = {
home.pointerCursor = {


@ -3,11 +3,12 @@ with config.lib.base16.theme; {
services.dbus.packages =
[ pkgs.systemd iconPackage ];
services.udev.packages = [ pkgs.libmtp pkgs.media-player-info ];
environment.variables.QT_QPA_PLATFORMTHEME = lib.mkForce "kvantum";
qt = {
enable = false;
style = "kvantum";
platformTheme = "qt5ct";
style = lib.mkForce "kvantum";
platformTheme = lib.mkForce "qt5ct";
};
# environment.systemPackages = with pkgs; [


@ -2,8 +2,9 @@
with config.deviceSpecific; {
environment.sessionVariables =
builtins.mapAttrs (_: toString)
config.home-manager.users.${config.mainuser}.home.sessionVariables // rec {
builtins.mapAttrs (_n: v: lib.mkForce (toString v))
config.home-manager.users.${config.mainuser}.home.sessionVariables //
rec {
LESS = "MR";
LESSHISTFILE = "~/.local/share/lesshist";
SYSTEMD_LESS = LESS;


@ -50,8 +50,9 @@ in {
in concatStrings [
''
${if config.device == "AMD-Workstation" then ''
monitor=DP-3,2560x1440@59951,0x0,1
monitor=HDMI-A-1,disable
monitor=DP-3,2560x1440@164.998993,0x0,1
monitor=HDMI-A-1,1920x1080@60,-1920x360,1
monitor=,highres,auto,1
'' else ''
monitor=,highres,auto,1
''}
@ -102,11 +103,18 @@ in {
''}
${lib.optionalString isLaptop "scroll_method=2fg"}
${lib.optionalString isLaptop ''
touchpad {
natural_scroll=true
clickfinger_behavior=true
middle_button_emulation=true
tap-to-click=true
}
''}
tablet {
output=current
active_area_size=39 22
active_area_position=50 60
}
}
gestures {
@ -117,7 +125,12 @@ in {
disable_splash_rendering=true
mouse_move_enables_dpms=true
vfr=true
vrr=1
vrr=2
}
experimental {
# wide_color_gamut=true
# hdr=true
xx_color_management_v4=true
}
'' ''
bindm=${modifier},mouse:272,movewindow