Compare commits


No commits in common. "f931ae40350c07711fe3570b56d913d3bba3dac8" and "3f4317383846c76f5584b3466685706959ce3a15" have entirely different histories.

81 changed files with 857 additions and 6392 deletions


@ -1,26 +1,12 @@
keys:
- &ataraxia age13phpsegg6vu7a34ydtfa9s904dfpgzqhzru7epnky7glezk0xvkst9qh6h
- &blueshift age186qkn94ck9lz0nmx57m37jwgwws5pgcs40q8d8uaetytz4gp6p9qlftp5x
- &andromedae age1kj70enq8ynqdnl04l5d0v43vcn0de0snn732wfxdxrgxhp72myeq93e9ts
- &ataraxia age1n0prg9vynuwc56gn0xfe5qde8wqcd4uzg5ghhhetu2024ckvjyvqxf49el
- &redshift age1d4mqql020mpne9r3vtt4l9ywfzfq7zpa3mad33syxln2kldkjsxqgju90f
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *ataraxia
- *andromedae
- *blueshift
- *redshift
- path_regex: secrets/andromedae/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *ataraxia
- *andromedae
- path_regex: secrets/blueshift/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *ataraxia
- *blueshift
- path_regex: secrets/redshift/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
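Review bot: Shrinking the recipient lists under `creation_rules` only affects files that are encrypted or re-keyed afterwards, and this change does not show that step. The new side appears to drop the `andromedae` and `blueshift` recipients and to swap the key behind the `&ataraxia` anchor (both `age13php…` and `age1n0pr…` are printed, and the rendering does not mark which one is current). If so, every file under `secrets/` still has to be re-keyed with `sops updatekeys` and the secret values rotated, because the removed keys can still decrypt the ciphertext already in history. I would record that next to the key list, e.g. `# after changing recipients: run "sops updatekeys" on every file and rotate the affected secrets`.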

8
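--- a/.typos.toml
+++ b/.typos.toml
@@ -0,0 +1,8 @@
+[default]
+extend-ignore-re = [
+# Ignore `files = "";` declarations
+"(?Rm)^\\s*files\\s*=.*;$"
+]
+[default.extend-words]
+lazer = "lazer"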


@ -1,3 +1,3 @@
# NixOS configuration
Rewrite of my old config. You can access old config in [master branch](https://github.com/AtaraxiaSjel/nixos-config/tree/master).
WIP

804
flake.lock generated

File diff suppressed because it is too large Load Diff


@ -18,21 +18,20 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-master.url = "github:nixos/nixpkgs/master";
flake-parts.url = "github:hercules-ci/flake-parts";
lite-config.url = "github:ataraxiasjel/lite-config/v0.10.0";
lite-config.url = "github:ataraxiasjel/lite-config/v0.8.0";
flake-registry = {
url = "github:nixos/flake-registry";
flake = false;
};
home-manager = {
url = "github:nix-community/home-manager/release-25.05";
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
ataraxiasjel-nur.url = "github:AtaraxiaSjel/nur";
catppuccin.url = "github:catppuccin/nix";
deploy-rs = {
url = "github:serokell/deploy-rs";
inputs.nixpkgs.follows = "nixpkgs";
@ -42,21 +41,9 @@
inputs.nixpkgs.follows = "nixpkgs";
};
impermanence.url = "github:nix-community/impermanence";
lix = {
url = "https://git.lix.systems/lix-project/lix/archive/main.tar.gz";
flake = false;
};
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
inputs.lix.follows = "lix";
};
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-vscode-marketplace = {
url = "github:nix-community/nix-vscode-extensions";
# url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz";
url = "github:ataraxiasjel/lix-nixos-module/2.92.0-1";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
@ -87,11 +74,9 @@
overlays = [
inputs.ataraxiasjel-nur.overlays.default
inputs.ataraxiasjel-nur.overlays.grub2-unstable-argon2
inputs.nix-vscode-marketplace.overlays.default
(final: prev: (import ./overlays inputs) final prev)
];
};
importDummyHomeManager = true;
extraSpecialArgs = {
flake-self = self;
secretsDir = ./secrets;
@ -104,21 +89,7 @@
hostModuleDir = ./hosts;
hosts = {
NixOS-VM.system = "x86_64-linux";
# home-workstation
andromedae = {
system = "x86_64-linux";
useHomeManager = true;
};
# home-hypervisor
orion = {
system = "x86_64-linux";
useHomeManager = false;
};
# VPS
blueshift = {
system = "x86_64-linux";
useHomeManager = false;
};
redshift = {
system = "x86_64-linux";
useHomeManager = false;
@ -144,7 +115,7 @@
enable = true;
lsp.package = pkgs.nixd;
};
git-hooks.hooks =
pre-commit.hooks =
let
default = {
enable = true;
@ -154,9 +125,20 @@
{
actionlint = default;
deadnix = default;
# flake-checker = default;
flake-checker = default;
lychee = default // {
args = [
"--exclude-all-private"
"--exclude"
"^https://.*\\.backblazeb2\\.com"
"--exclude"
"^https://.*\\.ataraxiadev\\.com"
];
};
markdownlint = default;
nixfmt-rfc-style = default;
ripsecrets = default;
typos = default;
yamlfmt = default;
yamllint = default // {
args = [
@ -209,9 +191,6 @@
} conf;
in
builtins.mapAttrs mkDeploy {
orion = {
hostname = "10.10.10.10";
};
redshift = {
hostname = "104.164.54.197";
fastConnection = false;
@ -220,14 +199,6 @@
"32323"
];
};
blueshift = {
hostname = "45.134.48.174";
fastConnection = false;
sshOpts = [
"-p"
"32323"
];
};
}
);
};
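Review bot: The `lix-module` input in the `@ -42,21 +41,9 @` hunk, the module that swaps in Lix as the system's Nix implementation, appears to end up on a personal fork referenced by tag (`github:ataraxiasjel/lix-nixos-module/2.92.0-1`) with the upstream tarball URL left commented out, and nothing records why the fork is needed or what it carries. A tag can be moved, so the only integrity pin is the `rev`/`narHash` in flake.lock, whose diff is suppressed on this page and cannot be checked here. I would add a comment such as `# fork of lix-project/nixos-module 2.92.0; carries: <reason for fork>` and confirm the locked revision whenever the lock file is updated. Which of the duplicated `url` lines is the new side is inferred from the hunk counts, not from markers.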


@ -1,69 +0,0 @@
{ lib, pkgs, ... }:
{
fileSystems."/" = lib.mkForce {
device = "none";
options = [
"defaults"
"size=4G"
"mode=755"
];
fsType = "tmpfs";
};
# initrd = {
# supportedFilesystems = [ "zfs" ];
# luks.devices = {
# "cryptroot" = {
# keyFile = "/keyfile0.bin";
# allowDiscards = true;
# bypassWorkqueues = true;
# };
# };
# secrets = {
# "keyfile0.bin" = "/etc/secrets/keyfile0.bin";
# };
# };
boot = {
zfs.package = pkgs.zfs_unstable;
loader = {
grub = {
enable = true;
device = "nodev";
copyKernels = true;
efiSupport = true;
enableCryptodisk = true;
useOSProber = false;
zfsSupport = true;
gfxmodeEfi = "2560x1440";
};
efi.efiSysMountPoint = "/efi";
efi.canTouchEfiVariables = true;
};
kernelParams = [
"pti=off"
"retbleed=off" # big performance impact
"spectre_v2=off"
];
kernel.sysctl = {
"kernel.split_lock_mitigate" = 0;
};
tmp.useTmpfs = true;
tmp.tmpfsSize = "100%";
tmp.tmpfsHugeMemoryPages = "within_size";
supportedFilesystems = [ "ntfs" ];
};
# AMD EPP P-State management
# powerManagement.cpuFreqGovernor = "powersave";
# services.auto-epp = {
# enable = true;
# settings.Settings.epp_state_for_BAT = "balance_performance";
# settings.Settings.epp_state_for_AC = "balance_performance";
# };
}


@ -1,181 +0,0 @@
{
config,
pkgs,
lib,
inputs,
...
}:
let
inherit (lib) mkForce;
defaultUser = config.ataraxia.defaults.users.defaultUser;
in
{
imports = [
./hardware-configuration.nix
./boot.nix
inputs.catppuccin.nixosModules.catppuccin
];
catppuccin.enable = true;
catppuccin.accent = "mauve";
catppuccin.flavor = "mocha";
ataraxia.defaults.role = "desktop";
ataraxia.defaults.hardware.cpuVendor = "amd";
ataraxia.defaults.hardware.gpuVendor = "amd";
# Impermanence
ataraxia.filesystems.zfs.enable = true;
ataraxia.filesystems.zfs.eraseOnBoot.enable = true;
ataraxia.filesystems.zfs.eraseOnBoot.snapshots = [
"rpool/nixos/root@empty"
"rpool/user/home@empty"
];
ataraxia.filesystems.zfs.mountpoints = [
"/etc/secrets"
"/media/libvirt"
"/nix"
"/persist"
"/srv"
"/var/lib/ccache"
"/var/lib/containers"
"/var/lib/docker"
"/var/lib/libvirt"
"/var/lib/postgresql"
"/var/log"
"/vol"
];
ataraxia.networkd = {
enable = true;
ifname = "enp8s0";
mac = "60:45:cb:a0:15:11";
bridge.enable = true;
ipv4 = [
{
address = "10.10.10.100/24";
gateway = "10.10.10.1";
dns = [
"10.10.10.1"
"9.9.9.9"
];
}
];
};
# Home-manager
home-manager.users.${defaultUser} = {
ataraxia.defaults.role = "desktop";
ataraxia.programs.mangohud.enable = true;
ataraxia.services.modprobed-db.enable = true;
ataraxia.theme.catppuccin.enable = true;
wayland.windowManager.hyprland.settings = {
# TODO: Remove after flickering is fixed
# misc.vrr = lib.mkForce 0;
monitor = mkForce [
"DP-3,2560x1440@164.998993,0x0,1"
"HDMI-A-1,1920x1080@60,-1920x360,1"
",highres,auto,1"
];
exec-once = [
"${pkgs.xorg.xrandr}/bin/xrandr --output DP-3 --primary"
];
};
home.packages = with pkgs; [
devenv
nh
nix-diff
nix-update
nixfmt-rfc-style
nixos-anywhere
# anydesk
# arduino-ide
# dbeaver-bin
# dig.dnsutils
# distrobox
# exercism
# freerdp
# kdePackages.merkuro
# libsForQt5.ark
# libsForQt5.dolphin
# maa-cli
# mitmproxy
# mkvtoolnix
modprobed-db
# packwiz
# piper
# prismlauncher
# radeontop
# streamrip
# wayvnc
# winbox
# yt-archivist
];
persist.state.directories = [
".config/sops/age"
".config/WarThunder"
"nixos-config"
"projects"
];
home.stateVersion = "25.05";
};
# Services
services.postgresql.settings = {
full_page_writes = "off";
wal_init_zero = "off";
wal_recycle = "off";
};
ataraxia.programs.corectrl.enable = true;
ataraxia.programs.steam.enable = true;
ataraxia.vpn.sing-box.enable = true;
ataraxia.vpn.sing-box.config = "ataraxia-singbox";
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
};
# Mesa from unstable channel
hardware.graphics.package = pkgs.mesaUnstable;
hardware.graphics.package32 = pkgs.mesaUnstablei686;
programs.hyprland.package = pkgs.hyprlandUnstable;
programs.hyprland.portalPackage = pkgs.hyprlandPortalUnstable;
# Auto-mount lan nfs share
fileSystems = {
"/media/files" = {
fsType = "ntfs";
device = "/dev/disk/by-partuuid/15fa11a1-a6d8-4962-9c03-74b209d7c46a";
options = [
"nofail"
"uid=${toString config.users.users.${defaultUser}.uid}"
"gid=${toString config.users.groups.users.gid}"
];
};
"/media/win-sys" = {
fsType = "ntfs";
device = "/dev/disk/by-partuuid/4fba33e7-6b47-4e3b-b18b-882a58032673";
options = [
"nofail"
"uid=${toString config.users.users.${defaultUser}.uid}"
"gid=${toString config.users.groups.users.gid}"
];
};
"/media/local-nfs" = {
device = "10.10.10.11:/";
fsType = "nfs4";
options = [
"nfsvers=4.2"
"x-systemd.automount"
"noauto"
];
};
};
system.stateVersion = "25.05";
}


@ -1,192 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/home" = {
device = "rpool/user/home";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/persist" = {
device = "rpool/persistent/impermanence";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/srv" = {
device = "rpool/persistent/servers";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/etc/secrets" = {
device = "rpool/persistent/secrets";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/nix" = {
device = "rpool/persistent/nix";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/var/log" = {
device = "rpool/persistent/log";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/var/lib/docker" = {
device = "rpool/persistent/docker";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/var/lib/containers" = {
device = "rpool/persistent/containers";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/var/lib/nixos-containers" = {
device = "rpool/persistent/nixos-containers";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/var/lib/libvirt" = {
device = "rpool/persistent/libvirt";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/media/libvirt" = {
device = "rpool/persistent/libvirt-user";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/media/libvirt/images" = {
device = "rpool/persistent/libvirt-user/images";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/var/lib/ccache" = {
device = "rpool/persistent/ccache";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/var/lib/postgresql" = {
device = "rpool/persistent/postgresql";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/boot" = {
device = "bpool/nixos/boot";
fsType = "zfs";
options = [
"zfsutil"
"X-mount.mkdir"
];
};
fileSystems."/efi" = {
device = "/dev/disk/by-uuid/A556-CD19";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
swapDevices = [
{
device = "/dev/disk/by-partuuid/a42e17be-989d-4b26-b7a2-055e0068eb05";
randomEncryption.enable = true;
randomEncryption.allowDiscards = true;
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp8s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
networking.hostId = "ec5d10ad";
boot.zfs.devNodes = "/dev/disk/by-id";
boot.supportedFilesystems = [ "zfs" ];
}


@ -1,78 +0,0 @@
{
config,
lib,
inputs,
secretsDir,
...
}:
{
imports = [ inputs.ataraxiasjel-nur.nixosModules.rustic ];
sops.secrets.rustic-vps-pass.sopsFile = secretsDir + /rustic.yaml;
sops.secrets.rustic-backups-s3-env.sopsFile = secretsDir + /rustic.yaml;
services.rustic.backups =
let
label = "vps-containers";
in
rec {
vps-backup = {
backup = true;
prune = false;
initialize = false;
pruneOpts = [ "--repack-cacheable-only=false" ];
environmentFile = config.sops.secrets.rustic-backups-s3-env.path;
timerConfig = {
OnCalendar = "01:00";
Persistent = true;
};
settings = {
repository = {
repository = "opendal:s3";
password-file = config.sops.secrets.rustic-vps-pass.path;
options = {
root = label;
bucket = "ataraxia-rustic-backups";
region = "eu-central-003";
endpoint = "https://s3.eu-central-003.backblazeb2.com";
};
};
repository.options = {
timeout = "5min";
retry = "10";
};
backup = {
host = config.networking.hostName;
label = label;
ignore-devid = true;
group-by = "label";
skip-identical-parent = true;
snapshots = [
{
sources = [
"/var/lib/tailscale"
"/srv/marzban"
];
}
];
};
forget = {
filter-labels = [ label ];
group-by = "label";
prune = true;
keep-daily = 4;
keep-weekly = 2;
keep-monthly = 1;
};
};
};
vps-prune = lib.recursiveUpdate vps-backup {
backup = false;
prune = true;
createWrapper = false;
timerConfig = {
OnCalendar = "Mon, 02:00";
Persistent = true;
};
};
};
}


@ -1,158 +0,0 @@
{
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
./backups.nix
./disk-config.nix
./services.nix
];
ataraxia.defaults.role = "server";
# Impermanence
ataraxia.filesystems.btrfs.enable = true;
ataraxia.filesystems.btrfs.eraseOnBoot.enable = true;
ataraxia.filesystems.btrfs.eraseOnBoot.device = "/dev/vda4";
ataraxia.filesystems.btrfs.eraseOnBoot.waitForDevice =
"sys-devices-pci0000:00-0000:00:06.0-virtio2-block-vda.device";
ataraxia.filesystems.btrfs.eraseOnBoot.eraseVolumes = [
{
vol = "rootfs";
blank = "rootfs-blank";
}
{
vol = "homefs";
blank = "homefs-blank";
}
];
ataraxia.filesystems.btrfs.mountpoints = [
"/home"
"/nix"
"/persist"
"/srv"
"/var/lib/containers"
"/var/lib/docker"
"/var/lib/libvirt"
"/var/lib/podman"
"/var/log"
];
ataraxia.defaults.ssh.ports = [ 32323 ];
ataraxia.networkd = {
enable = true;
disableIPv6 = true;
domain = "ro.ataraxiadev.com";
ifname = "enp0s3";
mac = "00:16:3e:e3:cd:40";
bridge.enable = true;
ipv4 = [
{
address = "45.134.48.174/24";
gateway = "45.134.48.1";
dns = [
"9.9.9.9"
"149.112.112.112"
];
}
];
};
services.qemuGuest.enable = lib.mkForce true;
# I don't want to specify all required kernel modules
# manually. For now at least
security.lockKernelModules = lib.mkForce false;
# scudo memalloc often borks everything
environment.memoryAllocator.provider = lib.mkForce "libc";
boot = {
initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"vfat"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
kernelModules = [ "kvm-intel" ];
kernelParams = [
"scsi_mod.use_blk_mq=1"
"kvm.ignore_msrs=1"
"kvm.report_ignored_msrs=0"
# Allow access to rescue mode with locked root user
# "rd.systemd.unit=rescue.target"
"systemd.setenv=SYSTEMD_SULOGIN_FORCE=1"
];
kernel.sysctl = {
# proxy tuning
"net.ipv4.tcp_congestion_control" = "bbr";
"net.ipv4.tcp_slow_start_after_idle" = 0;
"net.core.default_qdisc" = "cake";
"net.core.rmem_max" = 67108864;
"net.core.wmem_max" = 67108864;
"net.core.netdev_max_backlog" = 10000;
"net.core.somaxconn" = 4096;
"net.ipv4.tcp_syncookies" = 1;
"net.ipv4.tcp_tw_reuse" = 1;
"net.ipv4.tcp_fin_timeout" = 30;
"net.ipv4.tcp_keepalive_time" = 1200;
"net.ipv4.tcp_keepalive_probes" = 5;
"net.ipv4.tcp_keepalive_intvl" = 30;
"net.ipv4.tcp_max_syn_backlog" = 8192;
"net.ipv4.tcp_max_tw_buckets" = 5000;
"net.ipv4.tcp_fastopen" = 3;
"net.ipv4.tcp_mem" = "25600 51200 102400";
"net.ipv4.udp_mem" = "25600 51200 102400";
"net.ipv4.tcp_rmem" = "4096 87380 67108864";
"net.ipv4.tcp_wmem" = "4096 65536 67108864";
"net.ipv4.tcp_mtu_probing" = 1;
};
loader.grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
};
supportedFilesystems = [
"vfat"
"btrfs"
];
};
environment.systemPackages = with pkgs; [
bat
bottom
git
kitty.terminfo
micro
pwgen
rsync
];
services.fail2ban = {
enable = true;
maxretry = 3;
bantime = "2h";
bantime-increment = {
enable = true;
maxtime = "72h";
overalljails = true;
};
ignoreIP = [
"10.0.0.0/8"
"172.16.0.0/12"
"192.168.0.0/16"
];
jails = {
sshd.settings = {
backend = "systemd";
mode = "aggressive";
};
};
};
system.stateVersion = "24.11";
}


@ -1,112 +0,0 @@
{ inputs, ... }:
{
imports = [ inputs.disko.nixosModules.disko ];
disko.devices.disk.disk1 =
let
device = "/dev/vda";
defaultMountOpts = [
"compress=zstd"
"noatime"
"autodefrag"
"ssd"
];
in
{
inherit device;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
swap = {
name = "swap";
size = "1G";
content = {
type = "swap";
randomEncryption = true;
};
};
root = {
name = "root";
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
postCreateHook = ''
mount -t btrfs ${device}4 /mnt
btrfs subvolume snapshot -r /mnt/rootfs /mnt/snapshots/rootfs-blank
btrfs subvolume snapshot -r /mnt/homefs /mnt/snapshots/homefs-blank
btrfs subvolume snapshot -r /mnt/persist/docker /mnt/snapshots/docker-blank
btrfs subvolume snapshot -r /mnt/persist/podman /mnt/snapshots/podman-blank
btrfs subvolume snapshot -r /mnt/persist/containers /mnt/snapshots/containers-blank
btrfs subvolume snapshot -r /mnt/persist/libvirt /mnt/snapshots/libvirt-blank
btrfs subvolume snapshot -r /mnt/persist/log /mnt/snapshots/log-blank
btrfs subvolume snapshot -r /mnt/persist/impermanence /mnt/snapshots/impermanence-blank
btrfs subvolume snapshot -r /mnt/persist/srv /mnt/snapshots/srv-blank
umount /mnt
'';
subvolumes = {
"/snapshots" = { };
"/rootfs" = {
mountpoint = "/";
mountOptions = defaultMountOpts;
};
"/homefs" = {
mountpoint = "/home";
mountOptions = defaultMountOpts;
};
"/persist" = { };
"/persist/nix" = {
mountpoint = "/nix";
mountOptions = defaultMountOpts;
};
"/persist/srv" = {
mountpoint = "/srv";
mountOptions = defaultMountOpts;
};
"/persist/docker" = {
mountpoint = "/var/lib/docker";
mountOptions = defaultMountOpts;
};
"/persist/podman" = {
mountpoint = "/var/lib/podman";
mountOptions = defaultMountOpts;
};
"/persist/containers" = {
mountpoint = "/var/lib/containers";
mountOptions = defaultMountOpts;
};
"/persist/libvirt" = {
mountpoint = "/var/lib/libvirt";
mountOptions = defaultMountOpts;
};
"/persist/log" = {
mountpoint = "/var/log";
mountOptions = defaultMountOpts;
};
"/persist/impermanence" = {
mountpoint = "/persist";
mountOptions = defaultMountOpts;
};
};
};
};
};
};
};
}


@ -1,83 +0,0 @@
{
config,
lib,
pkgs,
secretsDir,
...
}:
let
cert-key = config.sops.secrets."cert.key".path;
cert-pem = config.sops.secrets."cert.pem".path;
nginx-conf = config.sops.secrets."nginx.conf".path;
marzban-env = config.sops.secrets.marzban.path;
cfgOcis = config.services.ocis;
in
{
# Tailscale exit-node
services.tailscale = {
enable = true;
useRoutingFeatures = "both";
};
# Empty ocis in front
networking.firewall.allowedTCPPorts = [
80
443
];
services.ocis.enable = true;
services.ocis.url = "https://ro.ataraxiadev.com";
services.ocis.configDir = "/var/lib/ocis/config";
systemd.services.ocis.serviceConfig.ReadOnlyPaths = lib.mkForce [ ];
systemd.services.ocis.serviceConfig.ExecStartPre = pkgs.writeShellScript "ocis-init" ''
${lib.getExe cfgOcis.package} init --force-overwrite --insecure true --config-path ${config.services.ocis.configDir}
'';
# Marzban
sops.secrets =
let
nginx = {
sopsFile = secretsDir + /blueshift/nginx.yaml;
restartUnits = [ "podman-nginx.service" ];
};
marzban = {
format = "dotenv";
sopsFile = secretsDir + /blueshift/marzban.env;
restartUnits = [ "podman-marzban.service" ];
};
in
{
"cert.key" = nginx;
"cert.pem" = nginx;
"nginx.conf" = nginx;
inherit marzban;
};
virtualisation.oci-containers.containers = {
marzban = {
autoStart = true;
# Tags: v0.8.4
image = "ghcr.io/gozargah/marzban@sha256:8e422c21997e5d2e3fa231eeff73c0a19193c20fc02fa4958e9368abb9623b8d";
environmentFiles = [ marzban-env ];
extraOptions = [ "--network=host" ];
volumes = [
"/srv/marzban:/var/lib/marzban"
];
};
nginx = {
autoStart = true;
# Tags: mainline-alpine3.21, mainline-alpine, alpine3.21
image = "docker.io/nginx@sha256:e4efffc3236305ae53fb54e5cd76c9ccac0cebf7a23d436a8f91bce6402c2665";
extraOptions = [ "--network=host" ];
volumes = [
"${cert-key}:/etc/ssl/certs/cf-cert.key:ro"
"${cert-pem}:/etc/ssl/certs/cf-cert.pem:ro"
"${nginx-conf}:/etc/nginx/nginx.conf:ro"
];
};
};
systemd.tmpfiles.rules = [
"d ${cfgOcis.configDir} 0700 ${cfgOcis.user} ${cfgOcis.group} -"
"d /srv/marzban 0755 root root -"
];
}


@ -1,26 +0,0 @@
{ ... }:
{
ataraxia.defaults.role = "server";
# Impermanence
ataraxia.filesystems.zfs.eraseOnBoot.enable = true;
ataraxia.filesystems.zfs.eraseOnBoot.snapshots = [
"rpool/nixos/root@blank"
"rpool/user/home@blank"
];
ataraxia.filesystems.zfs.mountpoints = [
"/etc/secrets"
"/media/bittorrent"
"/media/libvirt"
"/media/libvirt/images"
"/nix"
"/persist"
"/srv/home"
"/var/lib/docker"
"/var/lib/libvirt"
"/var/lib/nixos-containers"
"/var/lib/ocis"
"/var/lib/postgresql"
"/var/log"
"/vol"
];
}


@ -12,9 +12,10 @@
sops.secrets.rustic-backups-s3-env.sopsFile = secretsDir + /rustic.yaml;
services.rustic.backups =
let
cfg = config.services.rustic.backups;
label = "vps-containers";
in
rec {
{
vps-backup = {
backup = true;
prune = false;
@ -65,7 +66,7 @@
};
};
};
vps-prune = lib.recursiveUpdate vps-backup {
vps-prune = lib.recursiveUpdate cfg.vps-backup {
backup = false;
prune = true;
createWrapper = false;
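Review bot: Defining `vps-prune` from `cfg.vps-backup` (second hunk, `lib.recursiveUpdate cfg.vps-backup { … }`) feeds the fully evaluated value of one attribute of `services.rustic.backups` back into a sibling attribute of the same option. `vps-prune` then also copies every module default and any later override applied to `vps-backup`, and evaluation relies on the option type being lazy per attribute. Binding the shared settings once in the existing `let` avoids both `rec` and the self-reference: `base = { backup = true; … };` next to `label`, then `vps-backup = base;` and `vps-prune = lib.recursiveUpdate base { … };`. This assumes the `cfg` lines are the new side, which the rendering does not mark; both attribute sets continue outside the hunks.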


@ -15,6 +15,7 @@
ataraxia.defaults.role = "server";
# Impermanence
persist.cache.clean.enable = true;
ataraxia.filesystems.btrfs.enable = true;
ataraxia.filesystems.btrfs.eraseOnBoot.enable = true;
ataraxia.filesystems.btrfs.eraseOnBoot.device = "/dev/sda4";
@ -30,36 +31,23 @@
blank = "homefs-blank";
}
];
ataraxia.filesystems.btrfs.mountpoints = [
"/home"
"/nix"
"/persist"
"/srv"
"/var/lib/containers"
"/var/lib/docker"
"/var/lib/libvirt"
"/var/lib/podman"
"/var/log"
];
ataraxia.defaults.ssh.ports = [ 32323 ];
ataraxia.networkd = {
ataraxia.network = {
enable = true;
disableIPv6 = true;
enableIPv6 = false;
domain = "wg.ataraxiadev.com";
ifname = "enp0s18";
mac = "bc:24:11:99:d5:2f";
bridge.enable = true;
ipv4 = [
{
ipv4 = {
address = "104.164.54.197/24";
gateway = "104.164.54.1";
dns = [
"9.9.9.9"
"149.112.112.112"
];
}
];
};
};
services.qemuGuest.enable = lib.mkForce true;
@ -89,6 +77,11 @@
"systemd.setenv=SYSTEMD_SULOGIN_FORCE=1"
];
kernel.sysctl = {
"vm.swappiness" = 50;
"vm.vfs_cache_pressure" = 200;
"vm.dirty_background_ratio" = 1;
"vm.dirty_ratio" = 40;
"vm.page-cluster" = 0;
# proxy tuning
"net.ipv4.tcp_congestion_control" = "bbr";
"net.ipv4.tcp_slow_start_after_idle" = 0;
@ -123,15 +116,19 @@
];
};
environment.systemPackages = with pkgs; [
environment.systemPackages = builtins.attrValues {
inherit (pkgs.kitty) terminfo;
inherit (pkgs)
bat
bottom
comma
git
micro
nix-index
pwgen
rsync
kitty.terminfo
];
;
};
services.fail2ban = {
enable = true;
maxretry = 3;
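Review bot: The kernel parameter `systemd.setenv=SYSTEMD_SULOGIN_FORCE=1`, kept as context at the top of the `@ -89,6 +77,11 @` hunk, makes sulogin open a root shell without asking for a password when the root account is locked, so on this VPS anyone who can reach the hypervisor console during rescue or emergency mode gets root. The hunk carries no comment stating that this is an accepted trade-off. I would add one beside the parameter, e.g. `# sulogin skips the password while root is locked: console access == root in rescue/emergency mode`, or drop the parameter on hosts where the provider console is not trusted. The `kernelParams` list starts outside the hunk.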


@ -1,103 +0,0 @@
{ config, lib, ... }:
let
inherit (lib) getExe mkEnableOption mkIf;
cfg = config.ataraxia.programs.aria2;
homeDir = config.home.homeDirectory;
username = config.home.username;
in
{
options.ataraxia.programs.aria2 = {
enable = mkEnableOption "Enable aria2 program";
};
config = mkIf cfg.enable {
programs.aria2 = {
enable = true;
settings = {
### Basic ###
dir = "${homeDir}/Downloads";
input-file = "${homeDir}/.config/aria2/aria2.session";
save-session = "${homeDir}/.config/aria2/aria2.session";
save-session-interval = 60;
max-concurrent-downloads = 5;
continue = true;
max-overall-download-limit = 0;
max-download-limit = 0;
quiet = true;
### Advanced ###
allow-overwrite = true;
allow-piece-length-change = true;
always-resume = true;
async-dns = false;
auto-file-renaming = true;
content-disposition-default-utf8 = true;
disk-cache = "64M";
file-allocation = "falloc";
no-file-allocation-limit = "64M";
# Set log level to output to console. LEVEL is either debug, info, notice, warn or error. Default: notice
console-log-level = "notice";
# Set log level to output. LEVEL is either debug, info, notice, warn or error. Default: debug
log-level = "warn";
log = "${homeDir}/.config/aria2/aria2.log";
### RPC ###
enable-rpc = true;
pause = false;
rpc-save-upload-metadata = true;
rpc-allow-origin-all = true;
rpc-listen-all = false;
rpc-listen-port = 49100;
# rpc-secret=
# The certificate must be either in PKCS12 (.p12, .pfx) or in PEM format. When using PEM, you have to specify the private key via --rpc-private-key as well.
# rpc-certificate=
# rpc-private-key=
rpc-secure = false;
### HTTP/FTP/SFTP ###
max-connection-per-server = 16;
min-split-size = "8M";
split = 32;
# user-agent = "Transmission/4.0.2";
### BitTorrent ###
# bt-save-metadata=false
listen-port = "49101-49109";
# max-overall-upload-limit=256K
# max-upload-limit=0
seed-ratio = 0.1;
seed-time = 0;
# bt-enable-lpd = false;
enable-dht = true;
enable-dht6 = true;
dht-listen-port = "49101-49109";
dht-entry-point = "dht.transmissionbt.com:6881";
dht-entry-point6 = "dht.transmissionbt.com:6881";
dht-file-path = "${homeDir}/.config/aria2/dht.dat";
dht-file-path6 = "${homeDir}/.config/aria2/dht6.dat";
enable-peer-exchange = true;
# peer-id-prefix = "-TR2770-";
peer-agent = "Transmission/4.0.2";
# bt-tracker = "";
};
};
systemd.user.services.aria2 = {
Unit.Description = "aria2 is a download utility operated in command-line";
Service = {
Restart = "on-failure";
ExecStart = getExe config.programs.aria2.package;
};
Install.WantedBy = [ "default.target" ];
};
systemd.user.tmpfiles.rules = [
"f ${homeDir}/.config/aria2/aria2.session 0644 ${username} users -"
"f ${homeDir}/.config/aria2/dht.dat 0644 ${username} users -"
"f ${homeDir}/.config/aria2/dht6.dat 0644 ${username} users -"
];
persist.state.directories = [ ".config/aria2" ];
};
}


@ -1,17 +0,0 @@
{ config, lib, ... }:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.programs.direnv;
in
{
options.ataraxia.programs.direnv = {
enable = mkEnableOption "Enable direnv program";
};
config = mkIf cfg.enable {
programs.direnv.enable = true;
programs.direnv.nix-direnv.enable = true;
persist.state.directories = [ ".local/share/direnv" ];
};
}


@ -1,35 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.programs.eza;
catpuccin-theme = pkgs.fetchurl {
url = "https://github.com/eza-community/eza-themes/raw/7465d04d9834f94b56943024354cf61d2e67efe4/themes/catppuccin.yml";
hash = "sha256-Db7QrlhhU7rZk2IVVfGGRS5JEue6itBzoa77pmKE7EI=";
};
in
{
options.ataraxia.programs.eza = {
enable = mkEnableOption "Enable eza program";
};
config = mkIf cfg.enable {
programs.eza = {
enable = true;
colors = "auto";
extraOptions = [
"--group-directories-first"
"--header"
];
git = true;
icons = "auto";
# TODO: change in catpuccin theme module, not here
theme = catpuccin-theme;
};
};
}


@ -1,188 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
concatStrings
fileContents
getExe
mapAttrsToList
mkEnableOption
mkIf
;
inherit (config.theme) colors fonts;
cfg = config.ataraxia.programs.firefox;
homeDir = config.home.homeDirectory;
mkUserJs =
{
prefs ? { },
extraPrefs ? "",
}:
''
${extraPrefs}
${concatStrings (
mapAttrsToList (name: value: ''
user_pref("${name}", ${builtins.toJSON value});
'') prefs
)}
'';
finalPackage = config.programs.firefox.finalPackage;
firefox-kpoxa = pkgs.writeShellScriptBin "firefox-kpoxa" ''
${getExe finalPackage} -profile ${homeDir}/.mozilla/firefox/kpoxa
'';
username = config.home.username;
in
{
options.ataraxia.programs.firefox = {
enable = mkEnableOption "Enable firefox program";
};
config = mkIf cfg.enable {
dbus.packages = [ finalPackage ];
home.packages = [ firefox-kpoxa ];
home.sessionVariables = {
MOZ_USE_XINPUT2 = "1";
MOZ_DBUS_REMOTE = "1";
};
defaultApplications.browser = {
cmd = getExe finalPackage;
desktop = "firefox";
};
programs.firefox = {
enable = true;
package = pkgs.firefox.override {
# Mailvelope GnuPG integration
nativeMessagingHosts = [
(pkgs.writeTextDir "lib/mozilla/native-messaging-hosts/gpgmejson.json" ''
{
"name": "gpgmejson",
"description": "JavaScript binding for GnuPG",
"path": "${pkgs.gpgme.dev}/bin/gpgme-json",
"type": "stdio",
"allowed_extensions": ["jid1-AQqSMBYb0a8ADg@jetpack"]
}
'')
];
};
profiles = {
${username} = {
id = 0;
userChrome = ''
#TabsToolbar {
visibility: collapse;
}
toolbar#nav-bar, nav-bar-customization-target {
background: ${colors.color0} !important;
}
@-moz-document url("about:newtab") {
* { background-color: ${colors.color0} !important; }
}
'';
userContent = ''
.scroll-styled-h, .scroll-styled-v, html {
scrollbar-color: #495460 rgba(255, 255, 255, .0);
scrollbar-width: thin;
}
'';
extraConfig = mkUserJs {
prefs = {
"network.http.referer.XOriginPolicy" = 0;
"signon.rememberSignons" = false;
"browser.quitShortcut.disabled" = true;
"general.autoScroll" = true;
"extensions.pocket.enabled" = false;
"browser.startup.page" = 1;
"browser.startup.homepage" = "https://ataraxiadev.com";
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"browser.search.suggest.enabled" = true;
"ui.context_menus.after_mouseup" = true;
"font.name.monospace.x-western" = fonts.mono.family;
"font.name.sans-serif.x-western" = fonts.sans.family;
"font.name.serif.x-western" = fonts.serif.family;
"browser.display.background_color" = colors.color0;
"browser.display.foreground_color" = colors.color5;
"browser.anchor_color" = colors.color13;
"browser.visited_color" = colors.color12;
"browser.display.use_document_fonts" = true;
"pdfjs.disabled" = false;
"media.eme.enabled" = true;
"media.ffmpeg.vaapi.enabled" = true;
"experiments.activeExperiment" = false;
"experiments.enabled" = false;
"experiments.supported" = false;
"network.allow-experiments" = false;
"network.protocol-handler.external.element" = false;
};
extraPrefs = "${fileContents "${pkgs.arkenfox-userjs}/share/user.js/user.js"}";
};
};
kpoxa = {
id = 1;
userContent = ''
.scroll-styled-h, .scroll-styled-v, html {
scrollbar-color: #495460 rgba(255, 255, 255, .0);
scrollbar-width: thin;
}
'';
extraConfig = mkUserJs {
prefs = {
"network.http.referer.XOriginPolicy" = 0;
"signon.rememberSignons" = false;
"general.autoScroll" = true;
"extensions.pocket.enabled" = false;
"browser.startup.homepage" = "https://ataraxiadev.com";
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"browser.search.suggest.enabled" = true;
"browser.urlbar.suggest.searches" = true;
"ui.context_menus.after_mouseup" = true;
"keyword.enabled" = true;
"media.eme.enabled" = true;
"browser.startup.page" = 3;
"browser.sessionstore.privacy_level" = 0;
"privacy.clearOnShutdown.history" = false;
"privacy.clearOnShutdown.cookies" = false;
"privacy.cpd.history" = false;
"font.name.monospace.x-western" = fonts.mono.family;
"font.name.sans-serif.x-western" = fonts.sans.family;
"font.name.serif.x-western" = fonts.serif.family;
"browser.display.background_color" = colors.color0;
"browser.display.foreground_color" = colors.color5;
"browser.anchor_color" = colors.color13;
"browser.visited_color" = colors.color12;
"browser.display.use_document_fonts" = true;
"experiments.activeExperiment" = false;
"experiments.enabled" = false;
"experiments.supported" = false;
"network.allow-experiments" = false;
"network.protocol-handler.external.element" = false;
};
extraPrefs = "${fileContents "${pkgs.arkenfox-userjs}/share/user.js/user.js"}";
};
};
};
};
persist.state.directories = [
# ".mozilla/firefox/${username}"
# ".mozilla/firefox/kpoxa"
".mozilla/firefox"
];
};
}


@ -1,57 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.programs.mangohud;
in
{
options.ataraxia.programs.mangohud = {
enable = mkEnableOption "Enable mangohud program";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [ mangohud ];
xdg.configFile."MangoHud/MangoHud.conf".text = ''
fps_limit=60
toggle_fps_limit=F1
legacy_layout=false
gpu_stats
gpu_temp
gpu_text=GPU
cpu_stats
cpu_temp
cpu_color=2e97cb
cpu_text=CPU
io_color=a491d3
vram
vram_color=ad64c1
ram
ram_color=c26693
fps
engine_version
engine_color=eb5b5b
gpu_color=2e9762
wine
wine_color=eb5b5b
frame_timing=1
frametime_color=00ff00
resolution
vkbasalt
media_player_color=ffffff
time
background_alpha=0.4
font_size=24
background_color=020202
position=top-left
text_color=ffffff
toggle_hud=Shift_R+F12
toggle_logging=Shift_L+F2
output_folder=${config.home.homeDirectory}
media_player_name=spotify
'';
};
}


@ -1,33 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.programs.geary;
in
{
options.ataraxia.programs.geary = {
enable = mkEnableOption "Enable geary program";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [ geary ];
defaultApplications.mail = {
cmd = "${pkgs.geary}/bin/geary";
desktop = "geary";
};
startupApplications = [
config.defaultApplications.mail.cmd
];
persist.state.directories = [
".config/geary"
".local/share/geary"
];
};
}


@ -1,80 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.programs.kitty;
inherit (config.theme) colors fonts;
in
{
options.ataraxia.programs.kitty = {
enable = mkEnableOption "Enable kitty program";
};
config = mkIf cfg.enable {
defaultApplications.term = {
cmd = "${pkgs.kitty}/bin/kitty";
desktop = "kitty";
};
programs.kitty = {
enable = true;
# font.package = ;
font.name = fonts.mono.family;
font.size = fonts.size.small;
settings = {
background = "#${colors.color0}";
foreground = "#${colors.color5}";
selection_background = "#${colors.color5}";
selection_foreground = "#${colors.color0}";
url_color = "#${colors.color4}";
cursor = "#${colors.color5}";
cursor_text_color = "#${colors.color0}";
active_border_color = "#${colors.color3}";
inactive_border_color = "#${colors.color1}";
active_tab_background = "#${colors.color0}";
active_tab_foreground = "#${colors.color5}";
inactive_tab_background = "#${colors.color1}";
inactive_tab_foreground = "#${colors.color4}";
tab_bar_background = "#${colors.color1}";
wayland_titlebar_color = "#${colors.color0}";
macos_titlebar_color = "#${colors.color0}";
# normal
color = "#${colors.color0}";
color1 = "#${colors.color8}";
color2 = "#${colors.color11}";
color3 = "#${colors.color10}";
color4 = "#${colors.color13}";
color5 = "#${colors.color14}";
color6 = "#${colors.color12}";
color7 = "#${colors.color5}";
# bright
color8 = "#${colors.color3}";
color9 = "#${colors.color8}";
color10 = "#${colors.color11}";
color11 = "#${colors.color10}";
color12 = "#${colors.color13}";
color13 = "#${colors.color14}";
color14 = "#${colors.color12}";
color15 = "#${colors.color7}";
# extended base16 colors
color16 = "#${colors.color9}";
color17 = "#${colors.color15}";
color18 = "#${colors.color1}";
color19 = "#${colors.color2}";
color20 = "#${colors.color4}";
color21 = "#${colors.color6}";
enable_audio_bell = false;
confirm_os_window_close = 0;
};
};
};
}


@ -1,39 +0,0 @@
{
config,
lib,
osConfig ? null,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.programs.mpv;
gpu = if (osConfig != null) then osConfig.ataraxia.defaults.hardware.gpuVendor else null;
in
{
options.ataraxia.programs.mpv = {
enable = mkEnableOption "Enable mpv program";
};
config = mkIf cfg.enable {
programs.mpv = {
enable = true;
config = {
vo = "gpu-next";
gpu-context = "wayland";
save-position-on-quit = "yes";
hwdec = if gpu == "nvidia" then "vdpau" else "vaapi";
};
};
defaultApplications.media-player = {
cmd = "${config.programs.mpv.package}/bin/mpv";
desktop = "mpv";
};
persist.state.directories = [
".config/mpv"
];
};
}


@ -1,38 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.programs.nnn;
in
{
options.ataraxia.programs.nnn = {
enable = mkEnableOption "Enable nnn program";
};
config = mkIf cfg.enable {
programs.nnn = {
enable = true;
package = pkgs.nnn.override { withNerdIcons = true; };
# extraPackages = with pkgs; [ ffmpegthumbnailer mediainfo sxiv ];
# bookmarks = {
# d = "~/Documents";
# D = "~/Downloads";
# p = "~/Pictures";
# v = "~/Videos";
# };
# plugins = { };
};
programs.zsh.shellAliases = {
"n" = "nnn -deHE";
};
persist.state.directories = [
".config/nnn"
];
};
}


@ -1,71 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) getExe mkEnableOption mkIf;
cfg = config.ataraxia.programs.default;
thunarFinal =
with pkgs.xfce;
(thunar.override {
thunarPlugins = [
thunar-archive-plugin
thunar-media-tags-plugin
];
});
in
{
options.ataraxia.programs.default = {
enable = mkEnableOption "Install some program by default";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
bat
bottom
fd
libqalculate
p7zip
pinfo
qalculate-gtk
qbittorrent
qimgv
ripgrep
rsync
thunarFinal
tldr
translate-shell
unrar
];
persist.state.directories = [
".config/qalculate"
".config/qBittorrent"
".config/qimgv"
".config/Thunar"
".config/xarchiver"
];
defaultApplications = {
archive = {
cmd = getExe pkgs.xarchiver;
desktop = "xarchiver";
};
fm = {
cmd = "${thunarFinal}/bin/thunar";
desktop = "thunar";
};
image = {
cmd = getExe pkgs.qimgv;
desktop = "qimgv";
};
torrent = {
cmd = getExe pkgs.qbittorrent;
desktop = "qbittorrent";
};
};
};
}


@ -1,31 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) getExe mkEnableOption mkIf;
inherit (config.theme) fonts;
cfg = config.ataraxia.programs.rofi;
in
{
options.ataraxia.programs.rofi = {
enable = mkEnableOption "Enable rofi program";
};
config = mkIf cfg.enable {
defaultApplications.dmenu = {
cmd = "${getExe config.programs.rofi.package} -show run";
desktop = "rofi";
};
programs.rofi = {
enable = true;
package = pkgs.rofi-wayland;
font = "${fonts.mono.family} ${toString fonts.size.big}";
terminal = config.defaultApplications.term.cmd;
# theme = "${themeFile}";
};
};
}


@ -1,34 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) getExe mkEnableOption mkIf;
cfg = config.ataraxia.programs.spotify;
in
{
options.ataraxia.programs.spotify = {
enable = mkEnableOption "Enable spotify program";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
spotifywm
];
defaultApplications.spotify = {
cmd = getExe pkgs.spotifywm;
desktop = "spotify";
};
startupApplications = [
config.defaultApplications.spotify.cmd
];
persist.state.directories = [
".config/spotify"
];
};
}


@ -1,34 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) getExe mkEnableOption mkIf;
cfg = config.ataraxia.programs.telegram;
in
{
options.ataraxia.programs.telegram = {
enable = mkEnableOption "Enable telegram program";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
telegram-desktop
];
defaultApplications.messenger = {
cmd = getExe pkgs.telegram-desktop;
desktop = "telegram-desktop";
};
startupApplications = with config.defaultApplications; [
messenger.cmd
];
persist.state.directories = [
".local/share/TelegramDesktop"
];
};
}


@ -1,38 +0,0 @@
{
config,
lib,
...
}:
let
inherit (lib) getExe mkEnableOption mkIf;
cfg = config.ataraxia.programs.thunderbird;
username = config.home.username;
in
{
options.ataraxia.programs.thunderbird = {
enable = mkEnableOption "Enable thunderbird program";
};
config = mkIf cfg.enable {
programs.thunderbird = {
enable = true;
profiles.${username} = {
isDefault = true;
withExternalGnupg = true;
};
};
defaultApplications.mail = {
cmd = getExe config.programs.thunderbird.package;
desktop = "thunderbird";
};
startupApplications = [
config.defaultApplications.mail.cmd
];
persist.state.directories = [
".thunderbird/${username}"
];
};
}


@ -1,170 +0,0 @@
{
config,
pkgs,
lib,
...
}:
let
inherit (lib) getExe mkEnableOption mkIf;
inherit (config.theme) fonts;
cfg = config.ataraxia.programs.vscode;
EDITOR = pkgs.writeShellScript "code-editor" ''
source "${config.home.profileDirectory}/etc/profile.d/hm-session-vars.sh"
NIXOS_OZONE_WL=1 \
exec \
${getExe config.programs.vscode.package} \
--password-store="gnome-libsecret" \
-w -n \
"$@"
'';
in
{
options.ataraxia.programs.vscode = {
enable = mkEnableOption "Enable vscode program";
};
config = mkIf cfg.enable {
defaultApplications.editor = {
cmd = EDITOR;
desktop = "code-wayland";
};
home.sessionVariables = {
EDITOR = config.defaultApplications.editor.cmd;
VISUAL = config.defaultApplications.editor.cmd;
};
programs.vscode = {
enable = true;
package = pkgs.vscode;
profiles.default = {
enableExtensionUpdateCheck = false;
enableUpdateCheck = false;
extensions =
let
ext-market = pkgs.nix-vscode-extensions.vscode-marketplace;
ext-nixpkgs = pkgs.vscode-extensions;
in
with ext-market;
[
aaron-bond.better-comments
catppuccin.catppuccin-vsc-icons
christian-kohler.path-intellisense
codezombiech.gitignore
eamodio.gitlens
enkia.tokyo-night
fill-labs.dependi
github.vscode-github-actions
github.vscode-pull-request-github
gruntfuggly.todo-tree
irongeek.vscode-env
jebbs.plantuml
jnoortheen.nix-ide
mhutchie.git-graph
mkhl.direnv
ms-azuretools.vscode-docker
ms-python.isort
ms-python.python
ms-python.vscode-pylance
ms-vscode-remote.remote-containers
ms-vscode-remote.remote-ssh
ms-vscode.cpptools
ms-vscode.hexeditor
pkief.material-icon-theme
tamasfe.even-better-toml
ultram4rine.vscode-choosealicense
usernamehw.errorlens
yzhang.markdown-all-in-one
# Rust
jscearcy.rust-doc-viewer
polypus74.trusty-rusty-snippets
rust-lang.rust-analyzer
ext-nixpkgs.vadimcn.vscode-lldb
];
# mutableExtensionsDir = false;
userSettings = {
"editor.fontFamily" = fonts.mono.family;
"editor.fontLigatures" = true;
"editor.fontSize" = 16;
"editor.guides.bracketPairs" = "active";
"editor.quickSuggestions" = {
"other" = true;
"comments" = false;
"strings" = true;
};
"files.autoSave" = "afterDelay";
"files.exclude" = {
"**/.classpath" = true;
"**/.devenv" = true;
"**/.direnv" = true;
"**/.factorypath" = true;
"**/.project" = true;
"**/.settings" = true;
};
"files.trimTrailingWhitespace" = true;
"files.watcherExclude" = {
"**/.devenv" = true;
"**/.direnv" = true;
};
"git-graph.repository.sign.commits" = true;
"git-graph.repository.sign.tags" = true;
"git.autofetch" = false;
"git.enableCommitSigning" = true;
"license.author" = "Dmitriy <ataraxiadev@ataraxiadev.com>";
"license.default" = "mit";
"license.extension" = ".md";
"license.year" = "auto";
"nix.enableLanguageServer" = true;
"nix.formatterPath" = getExe pkgs.nixfmt-rfc-style;
# "nix.serverPath" = getExe pkgs.nil;
"nix.serverPath" = getExe pkgs.nixd;
"nix.serverSettings" = {
"nil" = {
"formatting" = {
"command" = [ (getExe pkgs.nixfmt-rfc-style) ];
};
};
"nixd" = {
"formatting" = {
"command" = [
(getExe pkgs.nixfmt-rfc-style)
];
};
};
};
"rust-analyzer.check.command" = "clippy";
"search.exclude" = {
"**/.devenv" = true;
"**/.direnv" = true;
};
"security.workspace.trust.untrustedFiles" = "open";
"telemetry.telemetryLevel" = "off";
"terminal.integrated.defaultProfile.linux" = "zsh";
"terminal.integrated.fontFamily" = fonts.mono.family;
"terminal.integrated.fontWeight" = "500";
"terminal.integrated.profiles.linux".zsh.path = "/run/current-system/sw/bin/zsh";
"terminal.integrated.scrollback" = 100000;
"todo-tree.regex.regex" = "(//|#|<!--|;|/\\*|^|^[ \\t]*(-|\\d+.))\\s*($TAGS)|todo!";
"update.mode" = "none";
"window.menuBarVisibility" = "toggle";
"window.titleBarStyle" = "custom";
"workbench.colorTheme" = lib.mkDefault "Tokyo Night";
"workbench.iconTheme" = lib.mkDefault "material-icon-theme";
"[nix]" = {
"editor.tabSize" = 2;
"editor.detectIndentation" = true;
};
"[rust]" = {
"editor.defaultFormatter" = "rust-lang.rust-analyzer";
"editor.formatOnSave" = true;
};
};
};
};
persist.state.directories = [
".config/Code"
];
};
}


@ -1,68 +1,11 @@
{ lib, ... }:
let
inherit (builtins)
attrValues
concatLists
mapAttrs
readDir
;
inherit (lib) hasSuffix mkOption remove;
inherit (lib.types)
attrsOf
listOf
path
str
submodule
;
filterRoot = remove (./. + "/default.nix");
findModules =
inherit (lib) filterAttrs;
inherit (builtins) attrNames readDir;
moduleDirs =
dir:
concatLists (
attrValues (
mapAttrs (
name: type:
if type == "directory" then
if (readDir (dir + "/${name}")) ? "default.nix" then
[
(dir + "/${name}")
]
else
findModules (dir + "/${name}")
else if (type == "regular" && (hasSuffix ".nix" name)) then
[
(dir + "/${name}")
]
else
[ ]
) (readDir dir)
)
);
map (name: dir + "/${name}") (attrNames (filterAttrs (_: type: type == "directory") (readDir dir)));
in
{
imports = filterRoot (findModules ./.);
options = {
defaultApplications = mkOption {
default = { };
type = attrsOf (
submodule (
{ ... }:
{
options = {
cmd = mkOption { type = path; };
desktop = mkOption { type = str; };
};
}
)
);
description = "Preferred applications";
};
startupApplications = mkOption {
type = listOf str;
description = "Applications to run on startup";
};
};
imports = moduleDirs ./.;
}
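Review bot: The new `moduleDirs` helper hands every subdirectory of `./.` to `imports` without checking that it contains a `default.nix`, so a directory without one would abort evaluation instead of being skipped, and any directory later added to the tree becomes part of the configuration implicitly. The earlier `findModules` tested `readDir (...) ? "default.nix"` before importing; the same guard fits the new one-liner as `filterAttrs (name: type: type == "directory" && builtins.pathExists (dir + "/${name}/default.nix")) (readDir dir)`. A comment above `moduleDirs` saying that only directory modules are imported, and loose `.nix` files are not, would make the narrower behaviour explicit. The old/new sides are read from the hunk counts, since this rendering lost its `+`/`-` markers.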


@ -1,26 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.defaults.sound;
in
{
options.ataraxia.defaults.sound = {
enable = mkEnableOption "Default sound settings";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
pavucontrol
pulseaudio
];
services.easyeffects.enable = true;
persist.state.directories = [ ".local/state/wireplumber" ];
};
}


@ -1,26 +0,0 @@
{ config, lib, ... }:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.defaults.locale;
dk = "en_DK.UTF-8";
ie = "en_IE.UTF-8";
ru = "ru_RU.UTF-8";
in
{
options.ataraxia.defaults.locale = {
enable = mkEnableOption "Default locale settings";
};
config = mkIf cfg.enable {
home.language = {
base = ie;
address = ru;
monetary = ru;
numeric = ru;
paper = ru;
telephone = ru;
time = dk;
};
};
}


@ -1,28 +1,19 @@
{
config,
lib,
pkgs,
inputs,
...
}:
let
inherit (lib)
escapeShellArg
mkEnableOption
mkIf
mkOption
recursiveUpdate
;
inherit (lib.types) listOf path str;
inherit (builtins) concatMap;
cfg = config.persist;
username = config.home.username;
homeDir = config.home.homeDirectory;
absoluteHomePath = map (x: "${homeDir}/${x}");
in
{
imports = [ inputs.impermanence.homeManagerModules.impermanence ];
options =
let
common = {
@ -41,7 +32,7 @@ in
enable = mkEnableOption "A tmpfs root with explicit opt-in state";
persistRoot = mkOption {
type = path;
default = "/persist${config.home.homeDirectory}";
default = "/persist";
};
# Stuff that matters
# TODO backups
@ -62,71 +53,11 @@ in
};
};
# TODO: filter persist paths like in nixos module
config =
let
takeAll = what: concatMap (x: x.${what});
persists = with cfg; [
state
cache
];
allFiles = takeAll "files" persists;
allDirs = takeAll "directories" persists;
in
mkIf cfg.enable {
home.persistence.${cfg.persistRoot} = {
allowOther = true;
directories = allDirs;
files = allFiles;
};
config = mkIf cfg.enable {
# Persist by default
persist.cache.directories = [ ".cache" ];
persist.state = {
directories = [
"Downloads"
"Documents"
"Music"
"Pictures"
"Videos"
".config/dconf"
".local/share/nix"
".ssh"
# { directory = ".ssh"; mode = "0700"; }
];
};
systemd.user = mkIf cfg.cache.clean.enable {
services."persist-cache-cleanup-${username}" = {
Unit = {
Description = "Cleaning up cache files and directories for user ${username}";
Wants = [ "modprobed-db.timer" ];
};
Service = {
ExecStart = pkgs.writeShellScript "" ''
${builtins.concatStringsSep "\n" (
map (x: "rm ${escapeShellArg x}") (absoluteHomePath cfg.cache.files)
)}
${builtins.concatStringsSep "\n" (
map (x: "rm -rf ${escapeShellArg x}") (absoluteHomePath cfg.cache.directories)
)}
'';
Type = "simple";
};
Install.WantedBy = [ "default.target" ];
};
timers."persist-cache-cleanup-${username}" = {
Unit = {
Description = "Run persist-cache-cleanup-${username} service by set schedule";
PartOf = [ "persist-cache-cleanup-${username}.service" ];
};
Timer = {
Persistent = true;
OnCalendar = cfg.cache.clean.dates;
};
Install.WantedBy = [ "timers.target" ];
};
directories = [ ".local/share/nix" ];
};
};
}
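Review bot: The new `config` block in the last hunk declares only `persist.cache.directories = [ ".cache" ]` and `persist.state.directories = [ ".local/share/nix" ]`, so nothing in this module keeps `.ssh` across reboots on the tmpfs-root setup its `enable` option describes. Unless another module persists it, `known_hosts` is lost on every boot and each SSH connection goes back to accepting the host key on first use, which removes the protection against a changed or spoofed host key. I would keep `".ssh"` in the state list, and if the option type accepts the attribute form, use `{ directory = ".ssh"; mode = "0700"; }` so the mode is pinned. The old/new sides here are inferred from the hunk counts because the page lost its `+`/`-` markers, and the options block lies partly outside the visible hunks.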


@ -1,101 +0,0 @@
{
config,
lib,
inputs,
...
}:
let
inherit (lib)
mkDefault
mkIf
mkMerge
mkOption
recursiveUpdate
types
;
inherit (lib.hm.dag) entryAfter;
role = config.ataraxia.defaults.role;
in
{
options.ataraxia.defaults = {
role = mkOption {
type = types.enum [
"none"
"base"
"server"
"desktop"
];
default = "none";
};
};
imports = [
inputs.nix-index-database.hmModules.nix-index
];
config =
let
baseRole = {
ataraxia.defaults.git.enable = mkDefault true;
ataraxia.defaults.gpg.enable = mkDefault true;
ataraxia.defaults.locale.enable = mkDefault true;
ataraxia.defaults.zsh.enable = mkDefault true;
ataraxia.programs.direnv.enable = mkDefault true;
ataraxia.programs.eza.enable = mkDefault true;
ataraxia.programs.nnn.enable = mkDefault true;
ataraxia.security.pass-secret-service.enable = mkDefault true;
ataraxia.security.password-store.enable = mkDefault true;
programs.nix-index.enable = mkDefault true;
programs.nix-index-database.comma.enable = mkDefault true;
home.activation = {
remove-nix-legacy = entryAfter [ "writeBoundary" ] ''
rm -rf ${config.home.homeDirectory}/.nix-defexpr
unlink ${config.home.homeDirectory}/.nix-profile
'';
};
news.display = "silent";
persist.enable = mkDefault true;
persist.cache.clean.enable = mkDefault true;
# Cargo cache
home.sessionVariables = {
CARGO_HOME = mkDefault "${config.xdg.dataHome}/cargo";
};
persist.cache.directories = [
".local/share/cargo"
];
xdg.configFile."nixpkgs/config.nix".text = mkDefault ''
{ allowUnfree = true; android_sdk.accept_license = true; }
'';
};
serverRole = recursiveUpdate baseRole { };
desktopRole = recursiveUpdate baseRole {
ataraxia.defaults.fonts.enable = mkDefault true;
ataraxia.defaults.sound.enable = mkDefault true;
ataraxia.programs.aria2.enable = mkDefault true;
ataraxia.programs.default.enable = mkDefault true;
ataraxia.programs.firefox.enable = mkDefault true;
ataraxia.programs.kitty.enable = mkDefault true;
ataraxia.programs.mpv.enable = mkDefault true;
ataraxia.programs.rofi.enable = mkDefault true;
ataraxia.programs.spotify.enable = mkDefault true;
ataraxia.programs.telegram.enable = mkDefault true;
ataraxia.programs.thunderbird.enable = mkDefault true;
ataraxia.programs.vscode.enable = mkDefault true;
ataraxia.wayland.enable = mkDefault true;
ataraxia.wayland.hyprland.enable = mkDefault true;
ataraxia.wayland.mako.enable = mkDefault true;
ataraxia.wayland.waybar.enable = mkDefault true;
};
in
mkMerge [
(mkIf (role == "base") baseRole)
(mkIf (role == "server") serverRole)
(mkIf (role == "desktop") desktopRole)
];
}


@ -1,34 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.security.pass-secret-service;
in
{
options.ataraxia.security.pass-secret-service = {
enable = mkEnableOption "Whether to enable pass-secret-service";
};
config = mkIf cfg.enable {
home.packages = [ pkgs.pass-secret-service ];
dbus.packages = [ pkgs.pass-secret-service ];
xdg.portal.extraPortals = [ pkgs.pass-secret-service ];
services.pass-secret-service.enable = true;
systemd.user.services.pass-secret-service = {
Service.Environment = [
"GPG_TTY=/dev/tty1"
"DISPLAY=:0"
];
Unit = rec {
Wants = [ "gpg-agent.service" ];
After = Wants;
PartOf = [ "graphical-session-pre.target" ];
};
};
};
}


@ -1,67 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
mkEnableOption
mkIf
mkOption
;
inherit (lib.types) nullOr path str;
cfg = config.ataraxia.security.password-store;
in
{
options.ataraxia.security.password-store = {
enable = mkEnableOption "Whether to enable password store";
autoSync = mkEnableOption "Whether to enable automatic sync of password store";
store = mkOption {
type = path;
default = "${config.xdg.dataHome}/password-store";
};
gnupgHome = mkOption {
type = path;
default =
if config.programs.gpg.enable then config.programs.gpg.homedir else "${config.xdg.dataHome}/gnupg";
};
repo = mkOption {
default = null;
description = "Git repository to sync with";
type = nullOr str;
};
sshKey = mkOption {
default = null;
description = "Ssh key to use for private repository";
type = nullOr str;
};
};
config = mkIf cfg.enable {
assertions = [
{
assertion = !(cfg.autoSync && cfg.repo == null);
message = "If autoSync enabled, you must set repo to sync";
}
{
assertion = !(cfg.autoSync && cfg.sskKey == null);
message = "If autoSync enabled, you must set sshKey for connection to repo";
}
];
# TODO: autosync with git
programs.password-store = {
enable = true;
package =
if config.ataraxia.wayland.enable then
pkgs.pass.withExtensions (exts: [ exts.pass-otp ])
else
pkgs.pass-wayland.withExtensions (exts: [ exts.pass-otp ]);
settings.PASSWORD_STORE_DIR = cfg.store;
};
persist.state.directories = [ cfg.store ];
};
}


@ -1,46 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkPackageOption mkIf;
cfg = config.ataraxia.services.modprobed-db;
in
{
options = {
ataraxia.services.modprobed-db = {
enable = mkEnableOption "modprobed-db service to scan and store new kernel modules";
package = mkPackageOption pkgs "modprobed-db" { };
};
};
config = mkIf cfg.enable {
systemd.user = {
services.modprobed-db = {
Unit = {
Description = "modprobed-db service to scan and store new kernel modules";
Wants = [ "modprobed-db.timer" ];
};
Service = {
ExecStart = "${cfg.package}/bin/modprobed-db storesilent";
Type = "simple";
};
Install.WantedBy = [ "default.target" ];
};
timers.modprobed-db = {
Unit.PartOf = [ "modprobed-db.service" ];
Timer = {
Persistent = true;
OnUnitActiveSec = "1h";
};
Install.WantedBy = [ "timers.target" ];
};
};
persist.state.directories = [
".config/modprobed-db"
];
};
}


@ -1,141 +0,0 @@
{
config,
lib,
pkgs,
inputs,
...
}:
let
inherit (lib)
mkEnableOption
mkIf
mkMerge
mkOption
;
inherit (lib.types) bool enum;
cfg = config.ataraxia.theme.catppuccin;
# this capitalizes the first letter in a string.
mkUpper =
str:
(lib.toUpper (builtins.substring 0 1 str)) + (builtins.substring 1 (builtins.stringLength str) str);
in
{
options.ataraxia.theme.catppuccin = {
enable = mkEnableOption "Enable catppuccin theme";
gtk = mkOption {
type = bool;
default = true;
description = "Enable gtk settings";
};
accent = mkOption {
type = enum [
"blue"
"flamingo"
"green"
"lavender"
"maroon"
"mauve"
"peach"
"pink"
"red"
"rosewater"
"sapphire"
"sky"
"teal"
"yellow"
];
default = "mauve";
description = "Catppuccin accent";
};
flavor = mkOption {
type = enum [
"latte"
"frappe"
"macchiato"
"mocha"
];
default = "mocha";
description = "Catppuccin flavor";
};
};
imports = [ inputs.catppuccin.homeModules.catppuccin ];
config = mkMerge [
(mkIf cfg.enable {
catppuccin.accent = cfg.accent;
catppuccin.flavor = cfg.flavor;
catppuccin.enable = true;
catppuccin.waybar.mode = "prependImport"; # or "createLink"
catppuccin.vscode = {
enable = true;
flavor = cfg.flavor;
settings = {
accent = cfg.accent;
boldKeywords = false;
italicComments = false;
italicKeywords = false;
extraBordersEnabled = false;
workbenchMode = "flat";
bracketMode = "dimmed";
colorOverrides = {
${cfg.flavor} = {
base = "#1c1c2d";
mantle = "#191925";
crust = "#151511";
};
};
customUIColors = {
"statusBar.foreground" = "accent";
};
};
};
programs.vscode.profiles.default.userSettings = {
"editor.semanticHighlighting.enabled" = lib.mkForce true;
"terminal.integrated.minimumContrastRatio" = lib.mkForce 1;
"window.titleBarStyle" = lib.mkForce "custom";
"workbench.colorTheme" = lib.mkForce "Catppuccin ${mkUpper cfg.flavor}";
"workbench.iconTheme" = lib.mkForce "catppuccin-${cfg.flavor}";
};
})
(mkIf (cfg.enable && cfg.gtk) {
gtk = {
enable = true;
theme = {
name = "catppuccin-${cfg.flavor}-${cfg.accent}-standard+normal";
package = pkgs.catppuccin-gtk.override {
accents = [ cfg.accent ];
tweaks = [ "normal" ];
variant = cfg.flavor;
};
};
iconTheme = {
name = "Papirus-Dark";
package = pkgs.catppuccin-papirus-folders.override { inherit (cfg) accent flavor; };
};
font = {
package = config.theme.fonts.sans.package;
name = config.theme.fonts.sans.family;
size = config.theme.fonts.size.normal;
};
gtk3.extraConfig = {
gtk-application-prefer-dark-theme = 1;
};
gtk4.extraConfig = {
gtk-application-prefer-dark-theme = 1;
};
};
home.sessionVariables.GTK_THEME = config.gtk.theme.name;
xdg.configFile =
let
gtk4Dir = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-4.0";
in
{
"gtk-4.0/assets".source = "${gtk4Dir}/assets";
"gtk-4.0/gtk.css".source = "${gtk4Dir}/gtk.css";
"gtk-4.0/gtk-dark.css".source = "${gtk4Dir}/gtk-dark.css";
};
})
];
}


@ -1,38 +0,0 @@
{
config,
lib,
...
}:
let
inherit (lib) mkEnableOption mkIf unique;
cfg = config.ataraxia.defaults.fonts;
inherit (config.theme) fonts;
in
{
options.ataraxia.defaults.fonts = {
enable = mkEnableOption "Setup default fonts";
};
config = mkIf cfg.enable {
home.packages = unique [
fonts.sans.package
fonts.serif.package
fonts.mono.package
fonts.emoji.package
fonts.icons.package
];
fonts = {
fontconfig = {
enable = true;
defaultFonts = {
emoji = [ fonts.emoji.family ];
monospace = [ fonts.mono.family ];
sansSerif = [ fonts.sans.family ];
serif = [ fonts.serif.family ];
};
};
};
};
}


@ -1,138 +0,0 @@
{ lib, pkgs, ... }:
let
inherit (lib) mkOption;
inherit (lib.types)
attrsOf
int
package
str
submodule
;
fontSubmodule = {
options = {
family = mkOption {
type = str;
};
package = mkOption {
type = package;
};
};
};
in
{
options.theme = {
colors = mkOption {
type = attrsOf str;
default = { };
};
fonts = {
sans = mkOption {
type = submodule fontSubmodule;
default = { };
};
serif = mkOption {
type = submodule fontSubmodule;
default = { };
};
mono = mkOption {
type = submodule fontSubmodule;
default = { };
};
emoji = mkOption {
type = submodule fontSubmodule;
default = { };
};
icons = mkOption {
type = submodule fontSubmodule;
default = { };
};
size = mkOption {
type = submodule {
options =
let
sizeOpt = mkOption {
type = int;
};
in
{
big = sizeOpt;
normal = sizeOpt;
small = sizeOpt;
};
};
};
};
icons = mkOption {
type = (
submodule {
options = {
name = mkOption {
type = str;
};
package = mkOption {
type = package;
};
};
}
);
default = { };
};
};
config = {
theme = {
colors = {
color0 = "1e1e2e"; # base
color1 = "181825"; # mantle
color2 = "313244"; # surface0
color3 = "45475a"; # surface1
color4 = "585b70"; # surface2
color5 = "cdd6f4"; # text
color6 = "f5e0dc"; # rosewater
color7 = "b4befe"; # lavender
color8 = "f38ba8"; # red
color9 = "fab387"; # peach
color10 = "f9e2af"; # yellow
color11 = "a6e3a1"; # green
color12 = "94e2d5"; # teal
color13 = "89b4fa"; # blue
color14 = "cba6f7"; # mauve
color15 = "f2cdcd"; # flamingo
};
fonts = {
sans = {
family = "Atkinson Hyperlegible Next";
package = pkgs.atkinson-hyperlegible-next;
};
serif = {
family = "Atkinson Hyperlegible Next";
package = pkgs.atkinson-hyperlegible-next;
};
mono = {
# family = "Atkinson Hyperlegible Mono";
# package = pkgs.atkinson-hyperlegible-mono;
family = "VictorMono Nerd Font Mono";
package = pkgs.nerd-fonts.victor-mono;
};
emoji = {
family = "Noto Color Emoji";
package = pkgs.noto-fonts-color-emoji;
};
icons = {
# family = "Material Icons";
# package = pkgs.material-icons;
family = "Rose-Pine";
package = pkgs.rosepine-gtk-icons;
};
size.big = 14;
size.normal = 12;
size.small = 11;
};
icons = {
name = "Papirus-Dark";
package = pkgs.papirus-icon-theme;
};
};
};
}


@ -1,57 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.defaults.git;
in
{
options.ataraxia.defaults.git = {
enable = mkEnableOption "Default git settings";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
difftastic
gh
];
programs.git = {
enable = true;
lfs.enable = true;
userEmail = "ataraxiadev@ataraxiadev.com";
userName = "Dmitriy Kholkin";
signing = {
signByDefault = true;
key = "922DA6E758A0FE4CFAB4E4B2FD266B810DF48DF2";
};
ignores = [
".direnv"
"*~"
".#*"
"#*#"
];
extraConfig = {
core = {
editor = "code --wait";
};
init = {
defaultBranch = "dev";
};
pull.rebase = true;
safe.directory = "*";
};
difftastic = {
enable = true;
background = "dark";
color = "always";
# display = "inline";
};
};
persist.state.directories = [ ".config/gh" ];
};
}


@ -1,42 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.defaults.gpg;
in
{
options.ataraxia.defaults.gpg = {
enable = mkEnableOption "Default gpg settings";
};
config = mkIf cfg.enable {
programs.gpg = {
enable = true;
homedir = "${config.xdg.dataHome}/gnupg";
};
services.gpg-agent = {
enable = true;
enableSshSupport = true;
pinentry.package = pkgs.pinentry-gnome3;
sshKeys = [
"7A7130ABF128CC2C32B3D6AD27515056B0193CE1"
"E6A6377C3D0827C36428A290199FDB3B91414AFE"
];
};
systemd.user.services.gpg-agent = {
Service = {
Environment = lib.mkForce [
"GPG_TTY=/dev/tty1"
"DISPLAY=:0"
"GNUPGHOME=${config.programs.gpg.homedir}"
];
};
};
persist.state.directories = [ ".local/share/gnupg" ];
};
}


@ -1,272 +0,0 @@
{
config,
lib,
pkgs,
osConfig ? null,
...
}:
let
inherit (builtins) mapAttrs;
inherit (lib)
mkEnableOption
mkDefault
mkIf
optionalString
;
inherit (config.theme) colors;
cfg = config.ataraxia.wayland.hyprland;
apps = config.defaultApplications;
useNixosHyprland = osConfig != null && osConfig.programs.hyprland.enable;
useWithUWSM = osConfig != null && osConfig.programs.hyprland.withUWSM;
execApp = optionalString useWithUWSM "uwsm app --";
in
{
options.ataraxia.wayland.hyprland = {
enable = mkEnableOption "Enable hyprland";
};
config = mkIf cfg.enable {
home.packages = with pkgs; [
cliphist
grim
libnotify
mpris-ctl
pamixer
pavucontrol
slurp
wl-clipboard
];
wayland.windowManager.hyprland = {
enable = true;
package = mkIf useNixosHyprland null;
portalPackage = mkIf useNixosHyprland null;
systemd.enable = !useWithUWSM;
systemd.variables = [ "--all" ];
xwayland.enable = true;
settings = {
animations.enabled = true;
# fix gamescope issue: https://github.com/NixOS/nixpkgs/issues/351516
debug.full_cm_proto = true;
decoration = {
active_opacity = 0.95;
blur = {
enabled = true;
ignore_opacity = true;
passes = 3;
size = 2;
};
fullscreen_opacity = 1.0;
inactive_opacity = 0.85;
rounding = 0;
shadow = {
enabled = true;
color = "0xAA${colors.color8}";
ignore_window = true;
offset = "0 0";
range = 6;
};
};
ecosystem.no_update_news = true;
experimental.xx_color_management_v4 = true;
general = {
border_size = 1;
#col.active_border = "0xAA${colors.color8}";
#col.inactive_border = "0xAA${colors.color10}";
#col.nogroup_border = "0xCC${colors.color10}";
#col.nogroup_border_active = "0xAA${colors.color8}";
gaps_in = 6;
gaps_out = 12;
no_border_on_floating = false;
};
gestures.workspace_swipe = false;
input = {
follow_mouse = true;
force_no_accel = true;
kb_layout = "us,ru";
kb_options = "grp:win_space_toggle";
natural_scroll = false;
numlock_by_default = true;
sensitivity = mkDefault 0.3;
scroll_method = "2fg";
tablet = {
active_area_position = "50 60";
active_area_size = "39 22";
output = "current";
};
touchpad = {
clickfinger_behavior = true;
middle_button_emulation = true;
natural_scroll = true;
tap-to-click = true;
};
};
misc = {
disable_hyprland_logo = true;
disable_splash_rendering = true;
mouse_move_enables_dpms = true;
vfr = false;
vrr = 0; # TODO: Remove after flickering is fixed
};
monitor = [ ",highres,auto,1" ];
"$mod" = "SUPER";
bind = [
"$mod,q,killactive,"
"$mod,f,fullscreen,0"
"$mod SHIFT,F,togglefloating,"
"$mod CTRL,F,exec,hyprctl setprop active opaque toggle"
"$mod,left,movefocus,l"
"$mod,right,movefocus,r"
"$mod,up,movefocus,u"
"$mod,down,movefocus,d"
"$mod SHIFT,left,movewindow,l"
"$mod SHIFT,right,movewindow,r"
"$mod SHIFT,up,movewindow,u"
"$mod SHIFT,down,movewindow,d"
"$mod,f5,forcerendererreload,"
"$mod SHIFT,f5,exit,"
"$mod,f11,exec,sleep 1 && hyprctl dispatch dpms off"
"$mod,f12,exec,sleep 1 && hyprctl dispatch dpms on"
"$mod,p,exec,${execApp} wlogout -b 5"
# "$mod,escape,exec,${execApp} ${apps.monitor.cmd}"
"$mod,w,exec,${execApp} ${apps.dmenu.desktop} -show run"
"$mod CTRL,w,exec,${execApp} ${apps.dmenu.desktop} -show drun -modi drun -show-icons"
"$mod,return,exec,${execApp} ${apps.term.cmd}"
"$mod SHIFT,return,exec,${execApp} nop kitti3"
"$mod,e,exec,${execApp} ${apps.editor.cmd}"
"$mod,j,exec,${execApp} mpris-ctl prev"
"$mod,k,exec,${execApp} mpris-ctl pp"
"$mod,l,exec,${execApp} mpris-ctl next"
"$mod SHIFT,J,exec,${execApp} mpris-ctl --player Spotify prev"
"$mod SHIFT,K,exec,${execApp} mpris-ctl --player Spotify pp"
"$mod SHIFT,L,exec,${execApp} mpris-ctl --player Spotify next"
"$mod,m,exec,${execApp} pamixer -t"
"$mod,comma,exec,${execApp} pamixer -d 5"
"$mod,period,exec,${execApp} pamixer -i 5"
"$mod SHIFT,comma,exec,${execApp} pamixer -d 2"
"$mod SHIFT,period,exec,${execApp} pamixer -i 2"
"$mod,i,exec,${execApp} pavucontrol"
"$mod,d,exec,${execApp} ${apps.fm.cmd}"
# "$mod,y,exec,${execApp} ${pkgs.youtube-to-mpv}/bin/yt-mpv"
# "$mod SHIFT,Y,exec,${execApp} ${pkgs.youtube-to-mpv}/bin/yt-mpv --no-video"
"$mod,print,exec,${execApp} grim $(xdg-user-dir PICTURES)/Screenshots/$(date +'%Y-%m-%d+%H:%M:%S').png && notify-send 'Screenshot Saved'"
"$mod CTRL,print,exec,${execApp} grim - | wl-copy && notify-send 'Screenshot Copied to Clipboard'"
"$mod SHIFT,print,exec,${execApp} grim -g '$(slurp)' $(xdg-user-dir PICTURES)/Screenshots/$(date +'%Y-%m-%d+%H:%M:%S').png && notify-send 'Screenshot Saved'"
"$mod CTRLSHIFT,print,exec,${execApp} grim -g '$(slurp)' - | wl-copy && notify-send 'Screenshot Copied to Clipboard'"
",xf86audioplay,exec,${execApp} mpris-ctl pp"
",xf86audionext,exec,${execApp} mpris-ctl next"
",xf86audioprev,exec,${execApp} mpris-ctl prev"
",xf86audiolowervolume,exec,${execApp} pamixer -d 5"
",xf86audioraisevolume,exec,${execApp} pamixer -i 5"
"SHIFT,xf86audiolowervolume,exec,${execApp} pamixer -d 2"
"SHIFT,xf86audioraisevolume,exec,${execApp} pamixer -i 2"
",xf86audiomute,exec,${execApp} pamixer -t"
"$mod,s,togglegroup,"
"$mod,x,togglesplit,"
"$mod,c,changegroupactive,b"
"$mod,v,changegroupactive,f"
"$mod,V,exec,${execApp} cliphist list | ${apps.dmenu.desktop} -dmenu | cliphist decode | wl-copy"
"$mod,1,workspace,1"
"$mod,2,workspace,2"
"$mod,3,workspace,3"
"$mod,4,workspace,4"
"$mod,5,workspace,5"
"$mod,6,workspace,6"
"$mod,7,workspace,7"
"$mod,8,workspace,8"
"$mod,9,workspace,name:Email"
"$mod,0,workspace,name:Steam"
"$mod,b,workspace,name:Music"
"$mod,t,workspace,name:Messengers"
"$mod,g,workspace,name:Games"
"$mod SHIFT,1,movetoworkspacesilent,1"
"$mod SHIFT,2,movetoworkspacesilent,2"
"$mod SHIFT,3,movetoworkspacesilent,3"
"$mod SHIFT,4,movetoworkspacesilent,4"
"$mod SHIFT,5,movetoworkspacesilent,5"
"$mod SHIFT,6,movetoworkspacesilent,6"
"$mod SHIFT,7,movetoworkspacesilent,7"
"$mod SHIFT,8,movetoworkspacesilent,8"
"$mod SHIFT,9,movetoworkspacesilent,name:Email"
"$mod SHIFT,0,movetoworkspacesilent,name:Steam"
"$mod SHIFT,B,movetoworkspacesilent,name:Music"
"$mod SHIFT,T,movetoworkspacesilent,name:Messengers"
"$mod SHIFT,g,workspace,name:Games"
"ALT,1,movetoworkspacesilent,1"
"ALT,2,movetoworkspacesilent,2"
"ALT,3,movetoworkspacesilent,3"
"ALT,4,movetoworkspacesilent,4"
"ALT,5,movetoworkspacesilent,5"
"ALT,6,movetoworkspacesilent,6"
"ALT,7,movetoworkspacesilent,7"
"ALT,8,movetoworkspacesilent,8"
"ALT,9,movetoworkspacesilent,name:Email"
"ALT,0,movetoworkspacesilent,name:Steam"
"ALT,b,movetoworkspacesilent,name:Music"
"ALT,t,movetoworkspacesilent,name:Messengers"
"ALT,g,movetoworkspacesilent,name:Games"
"$mod ALT,1,movetoworkspace,1"
"$mod ALT,2,movetoworkspace,2"
"$mod ALT,3,movetoworkspace,3"
"$mod ALT,4,movetoworkspace,4"
"$mod ALT,5,movetoworkspace,5"
"$mod ALT,6,movetoworkspace,6"
"$mod ALT,7,movetoworkspace,7"
"$mod ALT,8,movetoworkspace,8"
"$mod ALT,9,movetoworkspace,name:Email"
"$mod ALT,0,movetoworkspace,name:Steam"
"$mod ALT,b,movetoworkspace,name:Music"
"$mod ALT,t,movetoworkspace,name:Messengers"
"$mod ALT,g,movetoworkspace,name:Games"
];
bindm = [
"$mod, mouse:272, movewindow"
"$mod, mouse:273, resizewindow"
];
env = mapAttrs (n: v: "${n}=${v}") {
};
exec = map (x: "${execApp} ${x}") [
];
exec-once = map (x: "${execApp} ${x}") (
[
"wl-paste --type text --watch cliphist store"
"wl-paste --type image --watch cliphist store"
"${pkgs.mate.mate-polkit}/libexec/polkit-mate-authentication-agent-1"
]
++ config.startupApplications
);
windowrule = [
"center,class:^(Waydroid)$"
"float,class:^(gamescope)$"
"float,class:^(Waydroid)$"
"opaque,class:.*(jellyfin).*"
"opaque,class:.*(qemu).*"
"opaque,class:.*(virt-manager).*"
"opaque,class:^(.*winbox64.exe)$"
"opaque,class:^(Chromium-browser)$"
"opaque,class:^(firefox)$"
"opaque,class:^(gamescope)$"
"opaque,class:^(mpv)$"
"opaque,class:^(starrail.exe)$"
"opaque,class:^(steam)$"
"opaque,class:^(Waydroid)$"
"size 1600 900,class:^(Waydroid)$"
"tile,class:^(.*winbox64.exe)$"
"tile,title:^(Spotify)$"
"workspace name:Email silent,class:^(geary)$"
"workspace name:Email silent,class:^(thunderbird)$"
"workspace name:Messengers silent,class:^(org.telegram.desktop)$"
"workspace name:Music silent,title:^(Spotify)$"
"workspace name:Steam silent,class:^(.gamescope-wrapped)$,title:(Steam)"
"workspace name:Steam silent,class:^(steam)$"
];
};
};
};
}


@ -1,32 +0,0 @@
{ config, lib, ... }:
let
inherit (lib) mkDefault mkEnableOption mkIf;
inherit (config.theme) colors fonts icons;
cfg = config.ataraxia.wayland.mako;
in
{
options.ataraxia.wayland.mako = {
enable = mkEnableOption "Enable mako";
};
config = mkIf cfg.enable {
services.mako = {
enable = true;
settings = {
default-timeout = 10000;
font = "${fonts.sans.family} ${toString fonts.size.normal}";
height = 80;
icon-path = "${icons.package}/share/icons/${icons.name}";
layer = "overlay";
max-icon-size = 24;
max-visible = 10;
width = 500;
backgroundColor = mkDefault "#${colors.color0}AA";
textColor = mkDefault "#${colors.color5}";
borderColor = mkDefault "#${colors.color13}AA";
progressColor = mkDefault "over #${colors.color11}";
};
};
};
}


@ -1,20 +0,0 @@
{
config,
lib,
...
}:
let
inherit (lib) mkDefault mkEnableOption mkIf;
cfg = config.ataraxia.wayland;
in
{
options.ataraxia.wayland = {
enable = mkEnableOption "Enable wayland with compositor and other components";
};
config = mkIf cfg.enable {
ataraxia.wayland.hyprland.enable = mkDefault true;
ataraxia.wayland.waybar.enable = mkDefault true;
home.sessionVariables.NIXOS_OZONE_WL = "1";
};
}


@ -1,259 +0,0 @@
{
config,
lib,
...
}:
let
inherit (lib) mkEnableOption mkIf;
inherit (config.theme) fonts;
cfg = config.ataraxia.wayland.waybar;
in
{
options.ataraxia.wayland.waybar = {
enable = mkEnableOption "Enable waybar";
laptopWidgets = mkEnableOption "Enable laptop widgets (e.g. battery)";
};
config = mkIf cfg.enable {
programs.waybar = {
enable = true;
# style = builtins.readFile ./style.css;
systemd.enable = true;
systemd.target = "graphical-session.target";
settings = {
mainBar = {
layer = "top";
position = "top";
# margin = "8 8 0 8";
modules-left =
[
"hyprland/workspaces"
# "wireplumber"
]
++ lib.optionals cfg.laptopWidgets [
"battery"
"backlight"
];
modules-center = [ "hyprland/window" ];
modules-right = [
"tray"
"disk"
"cpu"
# "temperature"
"memory"
"clock"
];
backlight = {
device = "intel_backlight";
format = "{percent}% {icon}";
format-icons = [
""
""
""
""
""
""
""
];
# min-length = 7;
};
battery = {
interval = 60;
states = {
warning = 30;
critical = 15;
};
format = "{icon} {capacity}%";
format-charging = "<span color=\"#e0af68\">󱐌</span> {capacity}%";
format-icons = [
"<span color=\"#f7768e\"> </span>"
"<span color=\"#f7768e\"> </span>"
"<span color=\"#7aa2f7\"> </span>"
"<span color=\"#7aa2f7\"> </span>"
"<span color=\"#7aa2f7\"> </span>"
];
on-update = "$HOME/.config/waybar/scripts/check_battery.sh";
};
clock = {
format = "{:%a, %d %b, %H:%M}";
tooltip-format = "<tt>{calendar}</tt>";
calendar = {
mode = "month";
mode-mon-col = 3;
weeks-pos = "right";
on-scroll = 1;
format = {
months = "<span color='#c0caf5'><b>{}</b></span>";
days = "<span color='#c0caf5'><b>{}</b></span>";
weeks = "<span color='#7dcfff'><b>W{}</b></span>";
weekdays = "<span color='#ff9e64'><b>{}</b></span>";
today = "<span color='#f7768e'><b><u>{}</u></b></span>";
};
};
actions = {
on-click-right = "mode";
on-click-middle = "shift_reset";
on-scroll-up = "shift_up";
on-scroll-down = "shift_down";
};
};
cpu = {
interval = 4;
format = "<span color=\"#7aa2f7\"></span>{usage}%";
};
disk = {
interval = 60;
format = "<span color=\"#7aa2f7\"></span>{free}";
path = "/home";
};
"hyprland/window" = {
max-length = 64;
};
"hyprland/workspaces" = {
format = "{icon}";
on-click = "activate";
disable-scroll = true;
format-icons = {
"10" = "0";
"Messengers" = "Msg";
"Music" = "Mus";
};
};
memory = {
format = "<span color=\"#7aa2f7\"></span>{used}GiB";
interval = 4;
};
temperature = {
# "hwmon-path" = "/sys/class/hwmon/hwmon0/temp1_input";
critical-threshold = 80;
format = "<span color=\"#7aa2f7\">\uf4f5</span>{temperatureC}°C";
format-critical = "<span color=\"#f7768e\"> </span>{temperatureC}°C";
interval = 4;
};
tray = {
icon-size = 12;
spacing = 6;
};
wireplumber = {
scroll-step = 5;
format = "<span color=\"#7aa2f7\">{icon} </span>{volume}%";
format-muted = "<span color=\"#f7768e\">\ueee8</span>Muted";
format-bluetooth = "<span color=\"#7aa2f7\">\uf282 </span>{volume}%";
on-click-right = "blueman-manager";
format-icons = [
"\uf026 "
"\uf027 "
"\uf028 "
];
on-click = "pavucontrol";
};
};
};
style =
let
accent = "lavender";
in
''
/* @import "catppuccin.css"; */
* {
font-family: "${fonts.mono.family}", feather;
font-weight: 500;
font-size: ${toString fonts.size.small}pt;
color: @text;
}
/* main waybar */
window#waybar {
padding: 0;
margin: 0;
/* background: rgba(26, 27, 38, 0.7); */
background: @base;
}
/* when hovering over modules */
tooltip {
background: @base;
border-radius: 5%;
}
#workspaces button {
padding: 2px;
}
/* Sets active workspace to have a solid line on the bottom */
#workspaces button.active {
border-bottom: 2px solid @${accent};
border-radius: 0;
margin-top: 2px;
transition: all 0.5s ease-in-out;
}
/* More workspace stuff for highlighting on hover */
#workspaces button.focused {
color: @subtext0;
}
#workspaces button.urgent {
color: #f7768e;
}
#workspaces button:hover {
background: @crust;
color: @text;
}
/* Sets background, padding, margins, and borders for (all) modules */
#workspaces,
#clock,
#window,
#temperature,
#disk,
#cpu,
#memory,
#network,
#wireplumber,
#tray,
#backlight,
#battery {
/* background: rgba(26, 27, 38, 0); */
background: @base;
padding: 0 10px;
border: 0;
}
#workspaces {
padding-right: 0px;
}
/* Hide window module when not focused on window or empty workspace */
window#waybar.empty #window {
padding: 0;
margin: 0;
opacity: 0;
}
/* Set up rounding to make these modules look like separate pills */
#tray {
color: @${accent};
border-radius: 12px;
margin-right: 4px;
}
#window {
border-radius: 12px;
}
/* close right side of bar */
#temperature {
border-radius: 12px 0 0 12px;
}
/* close left side of bar */
#battery {
border-radius: 0 12px 12px 0;
}
'';
};
};
}


@ -1,215 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) getExe mkEnableOption mkIf;
cfg = config.ataraxia.defaults.zsh;
in
{
options.ataraxia.defaults.zsh = {
enable = mkEnableOption "Default zsh settings";
};
config = mkIf cfg.enable {
home.sessionVariables.SHELL = getExe config.programs.zsh.package;
home.file.".profile".text = ''
. "${config.home.profileDirectory}/etc/profile.d/hm-session-vars.sh"
'';
programs = {
zsh = {
enable = true;
enableCompletion = true;
oh-my-zsh = {
enable = true;
theme = "agnoster";
plugins = [
"git"
"dirhistory"
];
};
plugins = [
{
name = "zsh-nix-shell";
file = "share/zsh-nix-shell/nix-shell.plugin.zsh";
src = pkgs.zsh-nix-shell;
}
{
name = "zsh-autosuggestions";
file = "share/zsh-autosuggestions/zsh-autosuggestions.zsh";
src = pkgs.zsh-autosuggestions;
}
{
name = "you-should-use";
file = "share/zsh/plugins/you-should-use/you-should-use.plugin.zsh";
src = pkgs.zsh-you-should-use;
}
{
name = "powerlevel10k-config";
src = ./.;
file = "p10k.zsh";
}
{
name = "zsh-powerlevel10k";
src = pkgs.zsh-powerlevel10k;
file = "share/zsh-powerlevel10k/powerlevel10k.zsh-theme";
}
{
name = "zsh-z";
src = pkgs.zsh-z;
file = "share/zsh-z/zsh-z.plugin.zsh";
}
];
dotDir = ".config/zsh";
history = rec {
size = 1000000;
save = size;
path = "${config.xdg.dataHome}/zsh/history";
};
envExtra = ''
SHELL="${pkgs.zsh}/bin/zsh";
ZSHZ_DATA="${config.xdg.dataHome}/zsh/z";
'';
shellAliases = {
"_" = "doas";
"clr" = "clear";
"rcp" = "rsync -ah --partial --no-whole-file --info=progress2";
"rrcp" = "_ rsync -ah --partial --no-whole-file --info=progress2";
"ncg" = "_ nix-collect-garbage";
"ncgd" = "_ nix-collect-garbage -d";
"weather" = "curl wttr.in/Volzhskiy";
"rede" = "systemctl --user start gammastep.service &";
"redd" = "systemctl --user stop gammastep.service &";
"show-packages" = "_ nix-store -q --references /run/current-system/sw";
"nsp" = "nix-shell --run zsh -p";
"nd" = "nix develop -c zsh";
"nb" = "nix build";
"nbf" = "nix-fast-build --flake";
"nbfc" = "nix-fast-build --skip-cached --flake";
"nr" = "nix run";
"e" = "$EDITOR";
"q" = "qalc";
"man" = "pinfo";
"l" = "eza -lag";
"tree" = "eza -T";
"ltree" = "eza -lgT";
"atree" = "eza -aT";
"latree" = "eza -lagT";
"t" = "trans";
"steam-gamescope" = "gamescope -b --steam -- steam -pipewire-dmabuf";
# systemd
"ctl" = "systemctl";
"ctlsp" = "systemctl stop";
"ctlst" = "systemctl start";
"ctlrt" = "systemctl restart";
"ctls" = "systemctl status";
"ctlu" = "systemctl --user";
"ctlusp" = "systemctl --user stop";
"ctlust" = "systemctl --user start";
"ctlurt" = "systemctl --user restart";
"ctlus" = "systemctl --user status";
"ctlfailed" = "systemctl --failed --all";
"ctlrf" = "systemctl reset-failed";
"ctldrd" = "systemctl daemon-reload";
"j" = "journalctl";
"ju" = "journalctl -xe -u";
"juu" = "journalctl -xe --user-unit";
};
initContent = ''
setopt HIST_IGNORE_SPACE
rga-fzf() {
RG_PREFIX="rga --files-with-matches"
local file
file="$(
FZF_DEFAULT_COMMAND="$RG_PREFIX '$1'" \
fzf --sort --preview="[[ ! -z {} ]] && rga --pretty --context 5 {q} {}" \
--phony -q "$1" \
--bind "change:reload:$RG_PREFIX {q}" \
--preview-window="70%:wrap"
)" &&
echo "opening $file" &&
xdg-open "$file"
}
# zst 7z archive
z7za() {
rm /tmp/7z-exclude.lst > /dev/null 2>&1 || true
for var in "$@"; do
\find "$var" -type l -print -exec readlink -f {} \; >> /tmp/7z-exclude.lst
done
7z a $(basename "$1").7z "$@" -m0=zstd -mx5 -xr@/tmp/7z-exclude.lst
}
# zst 7z archive to backup folder
z7zab() {
rm /tmp/7z-exclude.lst > /dev/null 2>&1 || true
for var in "$@"; do
\find "$var" -type l -print -exec readlink -f {} \; >> /tmp/7z-exclude.lst
done
7z a ~/backup/$(basename "$1").7z "$@" -m0=zstd -mx5 -xr@/tmp/7z-exclude.lst
}
gif2webm() {
file="$1"
dir=$(dirname $1)
file="$(basename $file)"
file="''${file%.*}"
ffmpeg -i "$1" -c:v libvpx-vp9 -b:v 0 -crf 30 -an "$dir/$file.webm"
}
gh_delete_runs() {
org="$1"
repo="$2"
set -a
source /run/secrets/github-token
set +a
run_ids=($(${pkgs.gh}/bin/gh api repos/$org/$repo/actions/runs --paginate --jq '.workflow_runs[] | .id'))
for run_id in "''${run_ids[@]}"
do
echo "Deleting Run ID $run_id"
${pkgs.gh}/bin/gh api repos/$org/$repo/actions/runs/$run_id --method DELETE >/dev/null &
done
}
jl() {
journalctl -o json --output-fields=MESSAGE,PRIORITY,_PID,SYSLOG_IDENTIFIER,_SYSTEMD_UNIT "$@" | lnav
}
# Start and then view status of service
ctlsts () {
systemctl start "$1"
systemctl status "$1"
}
ctlusts () {
systemctl --user start "$1"
systemctl --user status "$1"
}
# Restart and then view status of service
ctlrts () {
systemctl restart "$1"
systemctl status "$1"
}
ctlurts () {
systemctl --user restart "$1"
systemctl --user status "$1"
}
XDG_DATA_DIRS=$XDG_DATA_DIRS:$GSETTINGS_SCHEMAS_PATH
export XDG_DATA_DIRS=$XDG_DATA_DIRS:/usr/share:/var/lib/flatpak/exports/share:$HOME/.local/share/flatpak/exports/share
PS1="$PS1
$ "
'';
};
fzf = {
enable = true;
enableBashIntegration = true;
enableZshIntegration = true;
};
};
persist.state.directories = [ ".local/share/zsh" ];
};
}

File diff suppressed because it is too large Load Diff


@ -1,32 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (builtins) hasAttr;
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.programs.corectrl;
defaultUser = config.ataraxia.defaults.users.defaultUser;
in
{
options.ataraxia.programs.corectrl = {
enable = mkEnableOption "Enable corectrl program";
};
config = mkIf cfg.enable {
programs.corectrl = {
enable = true;
gpuOverclock.enable = true;
# gpuOverclock.ppfeaturemask = "0xffffffff";
};
home-manager = mkIf (hasAttr "users" config.home-manager) {
users.${defaultUser} = {
startupApplications = [ "${pkgs.corectrl}/bin/corectrl" ];
persist.state.directories = [ ".config/corectrl" ];
};
};
};
}


@ -1,52 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (builtins) hasAttr;
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.programs.steam;
defaultUser = config.ataraxia.defaults.users.defaultUser;
in
{
options.ataraxia.programs.steam = {
enable = mkEnableOption "Enable steam";
};
config = mkIf cfg.enable {
programs.gamescope.enable = true;
programs.gamescope.capSysNice = false;
services.ananicy = {
enable = true;
package = pkgs.ananicy-cpp;
rulesProvider = pkgs.ananicy-cpp;
extraRules = [
{
"name" = "gamescope";
"nice" = -20;
}
];
};
programs.steam.enable = true;
programs.steam.extraCompatPackages = with pkgs; [
proton-ge-bin
];
programs.steam.gamescopeSession.enable = true;
programs.steam.gamescopeSession.env = {
MANGOHUD = "1";
CONNECTOR = "*,DP-3";
};
programs.steam.gamescopeSession.args = [ "--adaptive-sync" ];
home-manager = mkIf (hasAttr "users" config.home-manager) {
users.${defaultUser} = {
startupApplications = [ "${config.programs.steam.package}/bin/steam" ];
persist.state.directories = [ ".local/share/Steam" ];
};
};
};
}


@ -0,0 +1,4 @@
{ ... }:
{
imports = [ ./postgresql.nix ];
}


@ -1,48 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkDefault mkEnableOption mkIf;
cfg = config.ataraxia.defaults.boot;
in
{
options.ataraxia.defaults.boot = {
enable = mkEnableOption "Default boot settings";
};
config = mkIf cfg.enable {
boot = {
loader = {
timeout = mkDefault 4;
systemd-boot.enable = mkDefault false;
};
kernelParams = [
"kvm.ignore_msrs=1"
"kvm.report_ignored_msrs=0"
"nofb"
"rd.systemd.show_status=auto"
"rd.udev.log_priority=3"
"zswap.enabled=0"
];
kernelPackages = pkgs.linuxPackages_xanmod_latest;
consoleLogLevel = 3;
kernel.sysctl = mkIf config.zramSwap.enable {
"vm.swappiness" = 100;
"vm.vfs_cache_pressure" = 200;
"vm.dirty_background_ratio" = 1;
"vm.dirty_ratio" = 40;
"vm.page-cluster" = 0;
};
tmp.cleanOnBoot = !config.boot.tmp.useTmpfs;
};
};
}


@ -1,38 +1,11 @@
{ lib, ... }:
let
inherit (lib) hasSuffix remove;
inherit (builtins)
attrValues
concatLists
mapAttrs
readDir
;
filterRoot = remove (./. + "/default.nix");
findModules =
inherit (lib) filterAttrs;
inherit (builtins) attrNames readDir;
moduleDirs =
dir:
concatLists (
attrValues (
mapAttrs (
name: type:
if type == "directory" then
if (readDir (dir + "/${name}")) ? "default.nix" then
[
(dir + "/${name}")
]
else
findModules (dir + "/${name}")
else if (type == "regular" && (hasSuffix ".nix" name)) then
[
(dir + "/${name}")
]
else
[ ]
) (readDir dir)
)
);
map (name: dir + "/${name}") (attrNames (filterAttrs (_: type: type == "directory") (readDir dir)));
in
{
imports = filterRoot (findModules ./.);
imports = moduleDirs ./.;
}
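Review bot: `moduleDirs` returns every subdirectory of `./.` without checking that it holds a `default.nix`, so a single directory without one (an assets or data folder, say) makes `imports` fail at evaluation. The filter could require the file, e.g. `filterAttrs (name: type: type == "directory" && builtins.pathExists (dir + "/${name}/default.nix")) (readDir dir)`. Unlike the removed `findModules`, loose `.nix` files next to this one are no longer picked up; if that is intended, a one-line comment above `moduleDirs` saying so would help the next reader.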


@ -41,16 +41,6 @@ in
{
options.ataraxia.filesystems.btrfs = {
enable = mkEnableOption "Root on btrfs";
mountpoints = mkOption {
type = listOf str;
default = [ ];
description = ''
A list of absolute paths to BTRFS subvolume mountpoints.
These paths will be automatically filtered out from the directories persisted through
persist module to prevent conflicts with BTRFS' native mount management. Any matching entries
in the persistence list will be removed.
'';
};
# Btrfs clean root
eraseOnBoot = {
enable = mkOption {
@ -118,10 +108,10 @@ in
requires = [ cfg.eraseOnBoot.waitForDevice ];
after = [ cfg.eraseOnBoot.waitForDevice ];
before = [ "sysroot.mount" ];
path = with pkgs; [
btrfs-progs
coreutils
util-linuxMinimal.mount
path = [
pkgs.btrfs-progs
pkgs.coreutils
pkgs.util-linuxMinimal.mount
];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";


@ -0,0 +1,7 @@
{ ... }:
{
imports = [
./btrfs.nix
./zfs.nix
];
}


@ -1,85 +1,14 @@
{ config, lib, ... }:
let
inherit (lib)
concatStringsSep
mkIf
mkEnableOption
mkOption
mkBefore
;
inherit (lib.types)
bool
str
listOf
;
inherit (lib) mkIf mkEnableOption;
cfg = config.ataraxia.filesystems.zfs;
in
{
options.ataraxia.filesystems.zfs = {
enable = mkEnableOption "Root on zfs";
mountpoints = mkOption {
type = listOf str;
default = [ ];
description = ''
A list of absolute paths to ZFS dataset mountpoints.
These paths will be automatically filtered out from the directories persisted through
persist module to prevent conflicts with ZFS's native mount management. Any matching entries
in the persistence list will be removed.
'';
};
# Zfs clean root
eraseOnBoot = {
enable = mkOption {
type = bool;
default = config.persist.enable;
description = "Rollback zfs datasets on boot";
};
snapshots = mkOption {
type = listOf str;
default = [ ];
example = [ "rpool/nixos/root@empty" ];
description = ''
A list of dataset snapshots to rollback on boot.
'';
};
};
};
config =
let
script = concatStringsSep "\n" (
map (x: ''
${config.boot.zfs.package}/bin/zfs rollback -r ${x} && echo ">>> rollback ${x} <<<"
'') cfg.eraseOnBoot.snapshots
);
in
mkIf cfg.enable {
boot.initrd = mkIf cfg.eraseOnBoot.enable {
postDeviceCommands = mkIf (!config.boot.initrd.systemd.enable) (mkBefore script);
systemd.services.rollback = mkIf config.boot.initrd.systemd.enable {
description = "Rollback zfs datasets to a pristine state on boot";
wantedBy = [ "initrd.target" ];
requires = [ "zfs-import-rpool.service" ];
after = [ "zfs-import-rpool.service" ];
before = [ "sysroot.mount" ];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = script;
};
};
boot.kernelParams = [
"zfs.metaslab_lba_weighting_enabled=0"
];
services.zfs = {
autoScrub.enable = true;
autoScrub.interval = "monthly";
trim.enable = true;
trim.interval = "weekly";
};
config = mkIf cfg.enable {
persist.state.files = [
"/etc/zfs/zpool.cache"
];


@ -1,88 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkIf mkOption;
inherit (lib.types) enum nullOr;
cfg = config.ataraxia.defaults.hardware;
in
{
options.ataraxia.defaults.hardware = {
enable = mkEnableOption "Default hardware settings";
graphics = mkEnableOption "Enable hardware.graphics module";
cpuVendor = mkOption {
default = null;
type = nullOr (enum [
"amd"
"intel"
]);
};
gpuVendor = mkOption {
default = null;
type = nullOr (enum [
"amd"
"intel"
"nvidia"
]);
};
};
config = mkIf cfg.enable (
lib.mkMerge [
{
hardware.cpu.${cfg.cpuVendor}.updateMicrocode = true;
hardware.enableRedistributableFirmware = true;
}
(lib.mkIf (cfg.graphics) {
boot.initrd.kernelModules =
if (cfg.gpuVendor == "amd") then
[
"amdgpu"
]
else if (cfg.gpuVendor == "intel") then
[
"i915"
]
else
[ ];
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages =
if cfg.gpuVendor == "intel" then
[
pkgs.intel-media-driver
pkgs.intel-vaapi-driver
pkgs.libvdpau-va-gl
]
else
[ ];
};
hardware.amdgpu = lib.mkIf (cfg.gpuVendor == "amd") {
opencl.enable = false;
initrd.enable = config.boot.initrd.systemd.enable;
};
environment.sessionVariables =
if (cfg.gpuVendor == "intel") then
{
GST_VAAPI_ALL_DRIVERS = "1";
LIBVA_DRIVER_NAME = "iHD";
VDPAU_DRIVER = "va_gl";
}
else if (cfg.gpuVendor == "amd") then
{
AMD_VULKAN_ICD = "RADV";
}
else
{ };
})
]
);
}


@ -1,44 +0,0 @@
{ config, lib, ... }:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.defaults.sound;
in
{
options.ataraxia.defaults.sound = {
enable = mkEnableOption "Default sound settings";
};
config = mkIf cfg.enable {
security.rtkit.enable = true;
services.pulseaudio.enable = false;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
wireplumber.enable = true;
wireplumber.extraConfig = {
"monitor.bluez.properties" = {
"bluez5.enable-sbc-xq" = true;
"bluez5.enable-msbc" = true;
"bluez5.enable-hw-volume" = true;
"bluez5.roles" = [
"hsp_hs"
"hsp_ag"
"hfp_hf"
"hfp_ag"
];
};
};
extraConfig.client = {
"10-no-resample" = {
"stream.properties" = {
"resample.disable" = true;
};
};
};
};
};
}


@ -3,12 +3,13 @@ let
inherit (lib) mkDefault mkEnableOption mkIf;
cfg = config.ataraxia.defaults.locale;
c = "C.UTF-8";
dk = "en_DK.UTF-8";
gb = "en_GB.UTF-8";
ie = "en_IE.UTF-8";
ru = "ru_RU.UTF-8";
us = "en_US.UTF-8";
lang = "en_US:en:C:ru_RU:ru";
lang = "en_IE:en_US:en:C:ru_RU";
in
{
options.ataraxia.defaults.locale = {
@ -16,8 +17,10 @@ in
};
config = mkIf cfg.enable {
# Locale
i18n.defaultCharset = "UTF-8";
environment.sessionVariables = {
XKB_DEFAULT_LAYOUT = "us,ru";
XKB_DEFAULT_OPTIONS = "grp:win_space_toggle";
};
i18n.defaultLocale = ie;
i18n.extraLocaleSettings = {
LANGUAGE = lang;
@ -28,18 +31,14 @@ in
LC_PAPER = ru;
LC_TELEPHONE = ru;
};
i18n.extraLocales = map (x: "${x}/${config.i18n.defaultCharset}") [
i18n.supportedLocales = map (x: "${x}/UTF-8") [
c
dk
gb
ie
ru
us
];
# Keyboard layout
console.earlySetup = true;
console.useXkbConfig = true;
services.xserver.xkb = {
layout = "us,ru";
options = "grp:win_space_toggle";
};
# Timezone
time.timeZone = mkDefault "Europe/Moscow";
};
}


@ -5,45 +5,26 @@
...
}:
let
inherit (builtins) concatLists filter;
inherit (lib)
getExe
mkDefault
mkEnableOption
mkForce
mkIf
mkOption
optionals
;
inherit (lib.types)
bool
listOf
nullOr
str
submodule
;
cfg = config.ataraxia.networkd;
ipAddressType = submodule {
options = {
address = mkOption {
type = str;
};
gateway = mkOption {
type = nullOr str;
default = null;
};
dns = mkOption {
type = listOf str;
default = [ ];
};
gatewayOnLink = mkEnableOption "Enable GatewayOnLink";
};
};
cfg = config.ataraxia.network;
in
{
options.ataraxia.networkd = {
options.ataraxia.network = {
enable = mkEnableOption "Enable systemd-networkd bridged network";
disableIPv6 = mkEnableOption "Enable IPv6";
enableIPv6 = mkEnableOption "Enable IPv6";
domain = mkOption {
type = nullOr str;
default = null;
@ -54,7 +35,6 @@ in
mac = mkOption {
type = str;
};
# TODO: implement disabling bridge
bridge = {
enable = mkOption {
type = bool;
@ -65,21 +45,31 @@ in
default = "br0";
};
};
ipv4 = mkOption {
type = listOf ipAddressType;
ipv4 = {
address = mkOption {
type = str;
};
gateway = mkOption {
type = str;
};
dns = mkOption {
type = listOf str;
default = [ ];
};
ipv6 = mkOption {
type = listOf ipAddressType;
default =
if !cfg.disableIPv6 then
[
{
address = "fc00::1/64";
}
]
else
[ ];
gatewayOnLink = mkEnableOption "Enable GatewayOnLink";
};
ipv6 = {
address = mkOption {
type = str;
};
gateway = mkOption {
type = str;
};
dns = mkOption {
type = listOf str;
default = [ ];
};
gatewayOnLink = mkEnableOption "Enable GatewayOnLink";
};
};
@ -87,11 +77,11 @@ in
services.resolved.enable = true;
networking = {
dhcpcd.enable = false;
domain = cfg.domain;
enableIPv6 = !cfg.disableIPv6;
domain = mkIf (cfg ? domain) cfg.domain;
enableIPv6 = cfg.enableIPv6;
nftables.enable = true;
useDHCP = false;
useNetworkd = true;
useNetworkd = false;
usePredictableInterfaceNames = mkForce true;
firewall = {
enable = true;
@ -121,26 +111,37 @@ in
};
"40-${cfg.bridge.name}" = {
matchConfig.Name = cfg.bridge.name;
address = map (ip: ip.address) (cfg.ipv4 ++ cfg.ipv6);
dns = concatLists (map (ip: ip.dns) (cfg.ipv4 ++ cfg.ipv6));
address =
[
cfg.ipv4.address
]
++ optionals cfg.enableIPv6 [
cfg.ipv6.address
"fc00::1/64"
];
dns = cfg.ipv4.dns ++ optionals cfg.enableIPv6 cfg.ipv6.dns;
networkConfig.LinkLocalAddressing = "no";
linkConfig.RequiredForOnline = "routable";
routes =
let
filteredRoutes = filter (ip: ip.gateway != null) (cfg.ipv4 ++ cfg.ipv6);
routes = map (x: {
Gateway = x.gateway;
GatewayOnLink = x.gatewayOnLink;
}) filteredRoutes;
in
routes;
[
{
Gateway = cfg.ipv4.gateway;
GatewayOnLink = mkIf cfg.ipv4.gatewayOnLink true;
}
]
++ optionals cfg.enableIPv6 [
{
Gateway = cfg.ipv6.gateway;
GatewayOnLink = mkIf cfg.ipv4.gatewayOnLink true;
}
];
};
};
};
system.activationScripts.udp-gro-forwarding = mkIf cfg.bridge.enable {
text = ''
${getExe pkgs.ethtool} -K ${cfg.bridge.name} rx-udp-gro-forwarding on rx-gro-list off
${pkgs.ethtool}/bin/ethtool -K ${cfg.bridge.name} rx-udp-gro-forwarding on rx-gro-list off
'';
};
};
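Review bot: The IPv6 route in the last hunk sets `GatewayOnLink = mkIf cfg.ipv4.gatewayOnLink true;`, so it follows the IPv4 flag, and the `ipv6.gatewayOnLink` option declared in an earlier hunk of this file is never read. It should be `GatewayOnLink = mkIf cfg.ipv6.gatewayOnLink true;`. Separately, `domain = mkIf (cfg ? domain) cfg.domain;` looks like a no-op guard, since an option declared with `default = null` is presumably always present in `cfg`; plain `domain = cfg.domain;` says the same thing.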


@ -1,32 +0,0 @@
{ config, lib, ... }:
let
inherit (lib)
mkEnableOption
mkForce
mkIf
mkOption
;
inherit (lib.types) listOf package;
cfg = config.ataraxia.networkmanager;
in
{
options.ataraxia.networkmanager = {
enable = mkEnableOption "Enable NetworkManager";
plugins = mkOption {
type = listOf package;
default = [ ];
description = ''
List of NetworkManager plug-ins to enable.
'';
};
};
config = mkIf cfg.enable {
networking.networkmanager.enable = mkForce true;
networking.networkmanager.plugins = mkForce cfg.plugins;
persist.state.directories = [
"/etc/NetworkManager/system-connections"
];
};
}


@ -1,79 +0,0 @@
{
config,
lib,
pkgs,
secretsDir,
...
}:
let
inherit (lib)
mkEnableOption
mkPackageOption
mkIf
mkOption
;
inherit (lib.types) str;
cfg = config.ataraxia.vpn.sing-box;
isNetworkd = config.networking.useNetworkd;
in
{
options.ataraxia.vpn.sing-box = {
enable = mkEnableOption "Enable sing-box proxy service";
package = mkPackageOption pkgs "sing-box" { };
config = mkOption {
type = str;
description = "Name of sing-box config in sops secret";
};
interfaceName = mkOption {
type = str;
default = "singtun0";
description = "Name of sing-box tunnel network interface";
};
};
config = mkIf cfg.enable {
sops.secrets.${cfg.config} = {
sopsFile = secretsDir + /proxy.yaml;
restartUnits = [ "sing-box.service" ];
mode = "0600";
};
environment.systemPackages = [ cfg.package ];
systemd.packages = [ cfg.package ];
systemd.services.sing-box = {
preStart = ''
umask 0007
mkdir -p ''${RUNTIME_DIRECTORY}
cp ${config.sops.secrets.${cfg.config}.path} ''${RUNTIME_DIRECTORY}/config.json
'';
serviceConfig = {
StateDirectory = "sing-box";
StateDirectoryMode = "0700";
RuntimeDirectory = "sing-box";
RuntimeDirectoryMode = "0700";
ExecStart = [
""
"${lib.getExe cfg.package} -D \${STATE_DIRECTORY} -C \${RUNTIME_DIRECTORY} run"
];
};
wantedBy = [ "multi-user.target" ];
};
networking.dhcpcd.denyInterfaces = [ cfg.interfaceName ];
systemd.network = {
wait-online.ignoredInterfaces = [ cfg.interfaceName ];
networks."50-singbox" = mkIf isNetworkd {
matchConfig = {
Name = cfg.interfaceName;
};
linkConfig = {
Unmanaged = true;
ActivationPolicy = "manual";
};
};
};
};
}


@ -2,7 +2,6 @@
config,
lib,
inputs,
flake-nixpkgs,
flake-self,
...
}:
@ -16,7 +15,7 @@ in
};
config = mkIf cfg.enable {
environment.etc.nixpkgs.source = flake-nixpkgs.outPath;
environment.etc.nixpkgs.source = config.nixpkgs.flake.source;
environment.etc.self.source = flake-self.outPath;
nix = {
channel.enable = false;


@ -7,25 +7,20 @@
let
inherit (lib)
escapeShellArg
hasPrefix
hasSuffix
filterAttrs
mapAttrs
mapAttrs'
mkEnableOption
mkDefault
mkIf
mkMerge
mkOption
optionalString
nameValuePair
optionalAttrs
recursiveUpdate
unique
;
inherit (lib.types) listOf path str;
inherit (builtins) any concatMap filter;
inherit (builtins) concatMap;
cfg = config.persist;
btrfs = config.ataraxia.filesystems.btrfs.mountpoints;
zfs = config.ataraxia.filesystems.zfs.mountpoints;
mountpoints = map (x: "${x}${optionalString (!(hasSuffix "/" x)) "/"}") (unique (btrfs ++ zfs));
subtractListsPrefix = a: filter (dir: !(any (pref: hasPrefix pref dir) a));
in
{
imports = [ inputs.impermanence.nixosModules.impermanence ];
@ -71,6 +66,12 @@ in
config =
let
# TODO: fix infinite recursion (can't get user home directory)
# userPersists = lib.mapAttrs (name: cfg:
# cfg.persist // {
# home = config.users.users.${name}.home;
# }
# ) config.home-manager.users;
takeAll = what: concatMap (x: x.${what});
persists = with cfg; [
state
@ -78,20 +79,61 @@ in
];
allFiles = takeAll "files" persists;
allDirectories = takeAll "directories" persists;
# Remove btrfs + zfs mountpoints from list of dirs to persist
filteredDirs = subtractListsPrefix mountpoints allDirectories;
userPersists = mapAttrs (_: cfg: cfg.persist) (
{ } // optionalAttrs (builtins.hasAttr "home-manager" config) config.home-manager.users
);
usersFlatten = mapAttrs (
name: cfg:
let
persists = with cfg; [
state
cache
];
allHomeFiles = takeAll "files" persists;
allHomeDirectories = takeAll "directories" persists;
in
{
home = "/home/${name}";
directories = allHomeDirectories;
files = allHomeFiles;
}
) userPersists;
in
mkIf cfg.enable {
environment.persistence.${cfg.persistRoot} = {
hideMounts = true;
directories = filteredDirs;
directories = allDirectories;
files = allFiles;
# users = usersFlatten;
users = usersFlatten;
};
programs.fuse.userAllowOther = mkDefault true;
systemd.services =
let
filtered = filterAttrs (_: cfg: cfg.cache.clean.enable) userPersists;
in
mkMerge [
(mapAttrs' (
name: cfg:
let
absoluteHomePath = map (x: "/home/${name}/${x}");
in
nameValuePair "persist-cache-cleanup-${name}" {
description = "Cleaning up cache files and directories for user ${name}";
script = ''
${builtins.concatStringsSep "\n" (
map (x: "rm ${escapeShellArg x}") (absoluteHomePath cfg.cache.files)
)}
systemd.services.persist-cache-cleanup = mkIf cfg.cache.clean.enable {
${builtins.concatStringsSep "\n" (
map (x: "rm -rf ${escapeShellArg x}") (absoluteHomePath cfg.cache.directories)
)}
'';
startAt = cfg.cache.clean.dates;
}
) filtered)
{
persist-cache-cleanup = mkIf cfg.cache.clean.enable {
description = "Cleaning up cache files and directories";
script = ''
${builtins.concatStringsSep "\n" (map (x: "rm ${escapeShellArg x}") cfg.cache.files)}
@ -100,8 +142,11 @@ in
'';
startAt = cfg.cache.clean.dates;
};
}
];
fileSystems.${cfg.persistRoot}.neededForBoot = true;
# TODO: disable some dirs if using zfs
# Persist by default
persist.cache.directories = [
"/var/cache"
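Review bot: The per-user `persist-cache-cleanup-${name}` units run their `rm -rf` script with no `serviceConfig.User` visible, so unless it is set outside what is shown they delete as root inside `/home/${name}`, a tree the user controls; a symlink at an intermediate path component would redirect the deletion outside the home directory. Running each unit as the owning user bounds that: add `serviceConfig.User = name;` next to `startAt`. Separately, the file cleanup uses plain `rm`, which fails on an already-missing file and, with the `set -e` NixOS puts in `script` units, skips the remaining entries; `rm -f` avoids that. The `"/home/${name}"` assumption is hard-coded in both `usersFlatten` and `absoluteHomePath`, which the TODO about the home directory already acknowledges.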


@ -0,0 +1,7 @@
{ ... }:
{
imports = [
./hardened.nix
./minimal.nix
];
}


@ -36,8 +36,6 @@ in
stub-ld.enable = mkDefault false;
};
fonts.enableDefaultPackages = false;
programs = {
# The lessopen package pulls in Perl.
less.lessopen = mkDefault null;


@ -1,8 +1,6 @@
{
config,
lib,
pkgs,
inputs,
...
}:
let
@ -33,28 +31,19 @@ in
};
};
imports = [ inputs.nix-index-database.nixosModules.nix-index ];
config =
let
baseRole = {
ataraxia.defaults.boot.enable = mkDefault true;
ataraxia.defaults.hardware.enable = mkDefault true;
ataraxia.defaults.locale.enable = mkDefault true;
ataraxia.defaults.lix.enable = mkDefault true;
ataraxia.defaults.nix.enable = mkDefault true;
ataraxia.defaults.ssh.enable = mkDefault true;
ataraxia.defaults.users.enable = mkDefault true;
programs.nix-index.enable = mkDefault true;
programs.nix-index-database.comma.enable = mkDefault true;
persist.enable = mkDefault true;
persist.cache.clean.enable = mkDefault true;
# Do not compress journal logs if using native fs compression
services.journald.extraConfig = mkIf fsCompression (mkDefault "Compress=false");
services.speechd.enable = false;
boot.initrd.systemd.enable = mkDefault true;
services.userborn.enable = mkDefault true;
@ -63,22 +52,10 @@ in
system.etc.overlay.enable = mkDefault true;
system.etc.overlay.mutable = mkDefault true;
systemd.services.systemd-timesyncd.wantedBy = [
"multi-user.target"
];
systemd.timers.systemd-timesyncd = {
timerConfig.OnCalendar = "hourly";
};
environment.systemPackages = with pkgs; [
git
];
zramSwap = {
enable = true;
algorithm = "zstd";
priority = mkDefault 100;
memoryPercent = mkDefault 50;
memoryPercent = 100;
};
};
serverRole = recursiveUpdate baseRole {
@ -86,32 +63,14 @@ in
ataraxia.profiles.minimal = mkDefault true;
time.timeZone = "Etc/UTC";
zramSwap.memoryPercent = 100;
};
desktopRole = recursiveUpdate baseRole {
ataraxia.defaults.hardware.graphics = mkDefault true;
ataraxia.defaults.sound.enable = mkDefault true;
ataraxia.wayland.enable = mkDefault true;
ataraxia.wayland.hyprland.enable = mkDefault true;
services.gvfs.enable = mkDefault true;
# saved space, but you need to recompile gvfs
services.gvfs.package = (
pkgs.gnome.gvfs.override {
samba = null;
gnomeSupport = false;
}
);
services.getty.autologinUser = mkDefault defaultUser;
services.getty.autologinUser = defaultUser;
location = {
provider = "manual";
latitude = 48;
longitude = 44;
};
zramSwap.memoryPercent = 150;
};
in
mkMerge [
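Review bot: `services.getty.autologinUser = defaultUser;` in `desktopRole` is now set at normal priority, so every desktop host logs the default user in on the console without a password and a host can only opt out with `mkForce`. Keeping the override-friendly form, `services.getty.autologinUser = mkDefault defaultUser;`, lets a machine without disk encryption or in a shared location set it to `null`. The `config` block continues outside the hunk.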


@ -5,11 +5,7 @@
...
}:
let
inherit (lib)
mkIf
mkEnableOption
mkOption
;
inherit (lib) mkIf mkEnableOption mkOption;
inherit (lib.types) str;
cfg = config.ataraxia.defaults.users;
in
@ -55,7 +51,7 @@ in
];
uid = 1000;
hashedPassword = "$y$j9T$ZC44T3XYOPapB26cyPsA4.$8wlYEbwXFszC9nrg0vafqBZFLMPabXdhnzlT3DhUit6";
shell = pkgs.zsh;
shell = pkgs.bashInteractive;
openssh.authorizedKeys.keys = [
"ssh-rsa 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 (none)"
"ssh-rsa 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 alukard@AMD-Workstation"
@ -108,7 +104,5 @@ in
}
];
};
programs.zsh.enable = true;
};
}
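Review bot: `hashedPassword` keeps the account's yescrypt hash as a literal in the repository and therefore in the world-readable Nix store, where anyone with read access can run offline guessing against it. The repository already carries sops-encrypted files, so the hash can move there: declare the secret with `neededForUsers = true;` and replace the line with `hashedPasswordFile = config.sops.secrets."<secret-name>".path;`. The user attrset starts outside the hunk.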


@ -0,0 +1,4 @@
{ ... }:
{
imports = [ ./tailscale.nix ];
}


@ -1,40 +0,0 @@
{ config, lib, ... }:
let
inherit (builtins) hasAttr;
inherit (lib) getExe mkEnableOption mkIf;
cfg = config.ataraxia.wayland;
defaultUser = config.ataraxia.defaults.users.defaultUser;
session = {
command = "${getExe config.programs.uwsm.package} start hyprland-uwsm.desktop";
user = defaultUser;
};
in
{
options.ataraxia.wayland = {
enable = mkEnableOption "Enable wayland with compositor and other components";
hyprland.enable = mkEnableOption "Enable hyprland compositor";
};
config = mkIf cfg.enable {
programs.hyprland = mkIf cfg.hyprland.enable {
enable = true;
withUWSM = true;
};
services.greetd = {
enable = true;
settings = {
terminal.vt = 1;
default_session = session;
initial_session = session;
};
};
home-manager = mkIf (hasAttr "users" config.home-manager) {
users.${defaultUser} = {
ataraxia.wayland.hyprland.enable = cfg.hyprland.enable;
};
};
};
}


@ -1,7 +1,8 @@
inputs: final: prev:
let
inherit inputs;
inherit (prev.hostPlatform) system;
unstable = import inputs.nixpkgs-unstable {
master = import inputs.nixpkgs-master {
config = {
allowUnfree = true;
};
@ -12,62 +13,37 @@ in
# attic-client = inputs.attic.packages.${system}.attic;
# attic-server = inputs.attic.packages.${system}.attic-server;
# cassowary-py = inputs.cassowary.packages.${system}.cassowary;
hyprlandUnstable = unstable.hyprland;
hyprlandPortalUnstable = unstable.xdg-desktop-portal-hyprland;
heroic = (prev.heroic.override { extraPkgs = [ final.umu-launcher ]; });
intel-vaapi-driver = prev.intel-vaapi-driver.override { enableHybridCodec = true; };
mesaUnstable = unstable.mesa;
mesaUnstablei686 = unstable.driversi686Linux.mesa;
# nix-alien = inputs.nix-alien.packages.${system}.nix-alien;
# nix-direnv = inputs.nix-direnv.packages.${system}.default.override { nix = final.nix; };
# nix-fast-build = inputs.nix-fast-build.packages.${system}.default;
# nix-index-update = inputs.nix-alien.packages.${system}.nix-index-update;
osu-lazer = unstable.osu-lazer;
osu-lazer-bin = unstable.osu-lazer-bin;
osu-lazer = master.osu-lazer;
osu-lazer-bin = master.osu-lazer-bin;
# prismlauncher = inputs.prismlauncher.packages.${system}.prismlauncher.override {
# jdks = [ final.temurin-bin ];
# };
proton-ge-bin = unstable.proton-ge-bin;
xray = unstable.xray;
xray = master.xray;
# youtube-to-mpv = prev.callPackage ./packages/youtube-to-mpv.nix { term = config.defaultApplications.term.cmd; };
# yt-archivist = prev.callPackage ./packages/yt-archivist { };
yt-dlp = unstable.yt-dlp;
sing-box = unstable.sing-box;
wine = prev.wineWow64Packages.stagingFull;
# Patch spotify with spotx
spotify = prev.spotify.overrideAttrs (
oa:
let
spotx = prev.fetchurl {
url = "https://raw.githubusercontent.com/SpotX-Official/SpotX-Bash/b1de24ec4c23c45da373dcb64a44e372253a0c16/spotx.sh";
hash = "sha256-/p6cJKzaZzjcLJISFudstQjs+lPXnXx4f0vxKbF9Sqw=";
yt-dlp = master.yt-dlp;
sing-box = master.sing-box;
steam = prev.steam.override {
extraPkgs =
pkgs:
builtins.attrValues {
inherit (pkgs)
mono
libkrb5
keyutils
;
};
in
{
nativeBuildInputs =
oa.nativeBuildInputs
++ (with prev; [
perl
unzip
util-linux
zip
]);
postUnpack =
oa.postUnpack or ""
+ ''
patchShebangs --build ${spotx}
'';
postInstall =
oa.postInstall or ""
+ ''
bash ${spotx} -f -h -P "$out/share/spotify"
'';
}
);
};
wine = prev.wineWow64Packages.stagingFull;
# Move modprobed config to subdir. Easier to use with impermanence
modprobed-db = prev.modprobed-db.overrideAttrs (oa: {
nativeBuildInputs = [ prev.makeWrapper ] ++ oa.nativeBuildInputs or [ ];
postPatch =
(oa.postPatch or "")
+ ''
@ -76,24 +52,19 @@ in
substituteInPlace ./common/modprobed-db.skel \
--replace-fail "/.config" "/.config/modprobed-db"
'';
postInstall =
(oa.postInstall or "")
+ ''
wrapProgram $out/bin/modprobed-db \
--set PATH ${
with final;
lib.makeBinPath [
gawk
getent
coreutils
gnugrep
gnused
kmod
]
}
'';
});
# TODO: remove after ver > v0.47.2
hyprland =
if prev.hyprland.version == "0.47.2" then
(prev.hyprland.overrideAttrs (oa: {
patches = (oa.patches or [ ]) ++ [
./patches/hyprland-tablet.patch
];
}))
else
prev.hyprland;
pass-secret-service = prev.pass-secret-service.overrideAttrs (_: {
installCheckPhase = null;
postInstall = ''
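Review bot: `xray`, `sing-box`, `yt-dlp` and `osu-lazer` are now taken from `inputs.nixpkgs-master`, the raw `master` branch, which has not passed the Hydra test gate that channel branches such as `nixos-unstable` advance behind and is less likely to be served from the binary cache. For network-facing proxy binaries that is a weaker supply-chain position than a channel. If the main `nixpkgs` input already follows a channel recent enough for these packages, the overrides could be dropped, or `master` could be replaced by a channel-tracking input. The overlay body continues past the last hunk shown.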


@ -1,14 +0,0 @@
SUDO_USERNAME=ENC[AES256_GCM,data:4QMSmmaPB10=,iv:KveMQ+EdfltGzQRRA+cm1MaRlsLypOhlWHdCumHLQS4=,tag:v30WjSutCxO9LDv3wFZHMA==,type:str]
SUDO_PASSWORD=ENC[AES256_GCM,data:IPJGUQiB6jMObUsUdw==,iv:N9cw9aGkmgIYmmrNkQYQ5PFdrmYKC8Tdgr4yb/96U5A=,tag:/yYIC/rKCttSgBBGvjCe2A==,type:str]
#ENC[AES256_GCM,data:P0rsl7K5MZceskgE/JrUlB7vTlKh0kP5Al1lH1CBUZKeVVGdbfW/VOy6CkNo8QuOUQqkzWocH0TNKzSEBw8et6s=,iv:uxHc50I95zeI/jkC60HOfzgftDBxdQM1/wqb8emrTSc=,tag:JaeHm9KAbh/KS+TIRrfWlw==,type:comment]
#ENC[AES256_GCM,data:u8NnWvULwXIg0mqTlPoOlpBgWn6LU+zsrd4P,iv:MxUYe7rI7u98wnKD1ichiYeTw/o5+E2c+22qTXRZTSI=,tag:DgkxQNi6EItuRl+av6rH3Q==,type:comment]
SQLALCHEMY_DATABASE_URL=ENC[AES256_GCM,data:bQJGB/c/pTuAPev2zxcLu1cNg2TmlHH9iY2kQH4qfqRwh/Fcjg==,iv:CeQZ8qcNLiVgtGI/4Egod6VaXamCfAKHi4jrgzXKl9Q=,tag:VX0J3r6RjnS5utJ/UDK1hQ==,type:str]
XRAY_JSON=ENC[AES256_GCM,data:28Wkv4CG4hpG9h51d2ge3AUO2MdVuRBjPuw1bxFwYqhT,iv:MooWqI5QCmk0JXWdKxA40UIFaaIxG3EakMQ1jBH8TVI=,tag:Fmnqdg9mvRVvm/0O7VNFGw==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6SnM1bjFKWWVjZzNCVmtj\nZkh0RTRaMlRGak1NNS9lOHFzTUR4NDZzSlZvCkRJYVVrT3Y5M0dES2ZSRkFndzZT\nTjc3bVllQXVRNm50ZDRyeEdOd1BDSmMKLS0tIGRhL2dRUG9QYkV6MFg0S1ZxVmNO\nclBGSlVZWDFqd3dzbCtvdWhhN1JFem8KSmlLbHgadYP7UJS/3xS+6IzI5QoNo82G\nLwzK4mYntl6OyAf06d1h+FfICpJYZDm3oQ1ClekztahnoRcbGPdxCA==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age13phpsegg6vu7a34ydtfa9s904dfpgzqhzru7epnky7glezk0xvkst9qh6h
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFamtySkR0ZUlGUWdLMjNN\nL2JHc0lxQnBLNitjWkhiUzNUWEJiYTZsVEZZClNLRjhoUEo3dmFoaCt2cnhIcDZ5\nRU52a2ptekV5SnhjcUZGOUEwM2lyR2MKLS0tIFQ5c1BvSHJjaW8zc0svZ0hwQWxj\nNnFocGZPMHh5TUlteFhhaUdON1dkUVkKtPis8qNF+6/Ah/o/loIjC00ZK8bCL67I\nLHgm+KU7DhVlvtr6eRpcj2OsSdc7sjT+ZqXwDG8WVaAAt/2SlTuEnA==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age186qkn94ck9lz0nmx57m37jwgwws5pgcs40q8d8uaetytz4gp6p9qlftp5x
sops_lastmodified=2024-02-27T16:26:33Z
sops_mac=ENC[AES256_GCM,data:bWpVRMOaYvvOFMWksVXSPWmG5l/XDCSnnLovuf1cgn98yabzbYheBchhb3sgM3PWG2P/NwnxM3krVPdUMJ7vQVMp5uAph53rVRdmgUDXAEaRGkRzR4nAIi8eDKc1C/a+ifxNjsi2VOS0+rSdWOtUa1jdQx23tvACz1NXGw3G7SI=,iv:s6vfppM8PRA+ryzMvDSklH7HwgbDjCyK0/QHp+/2UNs=,tag:OwtdXGrP9XAREPbvbxqWUw==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.8.1

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -4,9 +4,9 @@ SUDO_PASSWORD=ENC[AES256_GCM,data:IPJGUQiB6jMObUsUdw==,iv:N9cw9aGkmgIYmmrNkQYQ5P
#ENC[AES256_GCM,data:u8NnWvULwXIg0mqTlPoOlpBgWn6LU+zsrd4P,iv:MxUYe7rI7u98wnKD1ichiYeTw/o5+E2c+22qTXRZTSI=,tag:DgkxQNi6EItuRl+av6rH3Q==,type:comment]
SQLALCHEMY_DATABASE_URL=ENC[AES256_GCM,data:bQJGB/c/pTuAPev2zxcLu1cNg2TmlHH9iY2kQH4qfqRwh/Fcjg==,iv:CeQZ8qcNLiVgtGI/4Egod6VaXamCfAKHi4jrgzXKl9Q=,tag:VX0J3r6RjnS5utJ/UDK1hQ==,type:str]
XRAY_JSON=ENC[AES256_GCM,data:28Wkv4CG4hpG9h51d2ge3AUO2MdVuRBjPuw1bxFwYqhT,iv:MooWqI5QCmk0JXWdKxA40UIFaaIxG3EakMQ1jBH8TVI=,tag:Fmnqdg9mvRVvm/0O7VNFGw==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGR25JZ3ZjQjNRTTEwd2pC\nUkVVM1lNMEhXQzMxc3JqRXlDNXQzZGZHWEVRCktXN1VWbGtzSXBLbHdVWUFQZkU4\ndE5QZkE3dEpVS1NtUUU0MkNtcXNMLzgKLS0tIDhqUm1xaGVFbyt4WHdFRGlOaWZz\nbDVqeDRZU08wU2xVMm8xUFNQY1QzMncKt8Diaxil0Fvar+zjh9mVF1Wi8I2sMslg\nSn61U0uqzN2T5Nw2gAocb1YmC0N3PNVOVDZrNvvqC8i+EUhf0rwSGg==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age13phpsegg6vu7a34ydtfa9s904dfpgzqhzru7epnky7glezk0xvkst9qh6h
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiOGl5L3VacGpoWlJDVzV4\nY3ZRaEFsZzhlTWlTQW9hbHQzWGgwQkZSeEZZCmNvUVdBNE1yOVAwS1RraXUwRmZT\nZXRCL1VXVVNHWlh5MG5mREVOa0dFT00KLS0tIHFhSlJmWnFKRGNkaVVMaFpBZE51\ncndPdGlNTkZwbG1EckxOSG42cDdXV1UKgILv8iRO0v3QA8EYxw61Jleg4RI+HP1o\ng8yphKIzzqIBuXm/DlSZJyembysmrT/AgWzWhkSxyslNCi+uQfdabw==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxV1VPQ2V5WjltK0JDUXhU\nWENHRUxFS0M1RjJjekNYeHlSSlhmNmE4eEUwCnpMWStLd1B6Q29DWTJLbURGdTJk\ndHY0RHFRRmFEaFNpOUxROTVWK0V6UmsKLS0tIEI0blZ1SlhBV3lpdGlGTWtWd3F1\nK0hNQjFDMG1sTWJCNFp1OE1kdlpydHcKzjus65hl6IVKdgS18xY20dgG+Blm15NE\nwf31QfHahDdY4r8DviX2/algiELvbTWNBicDOjvoiyhItPRX+9nN3Q==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1n0prg9vynuwc56gn0xfe5qde8wqcd4uzg5ghhhetu2024ckvjyvqxf49el
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUbmlBd3FJcjMyVldhL3BG\nc2s3YnlCenRNdXJ2VVlnU0lTZUU3MUh1TVZFClArSlM5Ylhya2JHT3RQQkZFRXVH\nblgwR0dJdmdOTUxsZERBc3pYbld0NncKLS0tIGc3bTdxbGg5cGdYYThwMkR2RlRF\ndTlNWGhoeXBueVZtbjdYS2JCVVpwSmsKzujU4pXFhI3Sa4TSYZRgkMpOqdKN7+jT\nTi8zqO0oRQAMnIAq+AYiMDIgi/ngiAxo5HeTIM2wZ7oRX6XsPZKH/w==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age1d4mqql020mpne9r3vtt4l9ywfzfq7zpa3mad33syxln2kldkjsxqgju90f
sops_lastmodified=2024-02-27T16:26:33Z
sops_mac=ENC[AES256_GCM,data:bWpVRMOaYvvOFMWksVXSPWmG5l/XDCSnnLovuf1cgn98yabzbYheBchhb3sgM3PWG2P/NwnxM3krVPdUMJ7vQVMp5uAph53rVRdmgUDXAEaRGkRzR4nAIi8eDKc1C/a+ifxNjsi2VOS0+rSdWOtUa1jdQx23tvACz1NXGw3G7SI=,iv:s6vfppM8PRA+ryzMvDSklH7HwgbDjCyK0/QHp+/2UNs=,tag:OwtdXGrP9XAREPbvbxqWUw==,type:str]
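Review bot: The recipients change here while every `ENC[...]` value, `sops_lastmodified` and `sops_mac` stay byte-identical, which is what re-wrapping the existing data key for new recipients (`sops updatekeys`) produces, not a rotation. Holders of the two removed age keys can still decrypt the previous revision from history, and it contains the same values. If the keys were replaced because a machine was retired or a key may have been exposed, rotate the data key with `sops -r -i <file>` and change the underlying credentials (`SUDO_PASSWORD`, the database URL). The sops YAML section further down shows the same pattern: new recipients with unchanged `lastmodified` and `mac`.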

File diff suppressed because one or more lines are too long


@ -9,44 +9,31 @@ rustic-minio-secret-key: ENC[AES256_GCM,data:Jkn0mHcLFWS/euPCYtEF3hXN4Jx8PHZHA3R
rclone-s3-sync: ENC[AES256_GCM,data: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,iv:jWhHLIccl1Pgr55xEMd2ED8FS3pvRjnuugMJ0sHnuW4=,tag:upgyBz2AA2zhidFIkcVrpw==,type:str]
sops:
shamir_threshold: 1
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age13phpsegg6vu7a34ydtfa9s904dfpgzqhzru7epnky7glezk0xvkst9qh6h
- recipient: age1n0prg9vynuwc56gn0xfe5qde8wqcd4uzg5ghhhetu2024ckvjyvqxf49el
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQWmZKOUMzdUttMjNhMDdn
Rzdvek1vaEFPTWI2V1NjbllQYW1WMDltdWlnCkFuMmlJVmhsZGpMMThFSnB5NHZR
UGFHMjNrcXNVRXlZNmhMNzZIQ2dRZDQKLS0tIHlYRGlycWpwZDZpWXB4QkJaZHhK
d0prY25HUWpkcW5ieVFXR0dLV29ReVEK1AbWCfgR5To43PXD/KUn2X4SFe/Wz18d
p40f6D56CKxmi9pb3lQriTipsxVqTXq/U1oDZP3YoeLWfxL4IHCSZA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1kj70enq8ynqdnl04l5d0v43vcn0de0snn732wfxdxrgxhp72myeq93e9ts
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3SVIwR1czazExOXN6Mkoz
TzRUT3Z0cnlLbThsVXB2RE1VRGxOcVdzdnhVClo2ay96QTBQRHFqTlJrZnZOQ1FN
RTV6WDdFQXY0KzRwUHozMTJpdmdxUk0KLS0tIDFUQ2Z1a3J0azRGbEJuWlVXUEQv
OTBuTWgvQWd4Mk5ycjhhM3U4Rkxnb00Ku8magoehW+QD8NS0f6bS1blFUoFRZhNc
704vrRVSUeweOcumjDSr4aep4KjJWRHUBgbIv2NX5O3ArLIkWTuyTg==
-----END AGE ENCRYPTED FILE-----
- recipient: age186qkn94ck9lz0nmx57m37jwgwws5pgcs40q8d8uaetytz4gp6p9qlftp5x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlL2wrN1hvMmU2eWNFeVdD
cXVGdVR5eHR2SDc2cGE3bThDSzBaTnk0R0RNCkFTQ2RSVTNpSnNRRUh6LzBCWFZ0
S2hGbDlqbWYwV0JiSTdlRVFiZmxkQ2cKLS0tIEIzRmlsWksveVAyaU9kWmMvNitR
WkVVTGUxWGVrL0ZKQ2RXbE5wK0w0eGsKHz2PcPvOsygtbMZkapmbBUKoJUYGUwWq
1RbhZGFi2bzqKWGJl08cTXaEvZ25i3aFt88doZAw1B1WiNI3XpYBaA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxeWJOVEFXTXJrcGYyWWlp
TkxrTmpNanR5QmVaYUlKV1JXYnh0L0ViRmdvCmtTR3hUUExkejBkcVNuYUpqRjdZ
dlQ4SkRyL2txM2FSK201SU9adUQ2NUEKLS0tIDN0eDRLZGZWMnFUQWFjZnpjWk9J
VjBGTVZpYm1kOWw0aGlNaURvb2Q0aVUKPZ2BkHEWV1qsOcEIvF6iiLV0ZSJ7kGT3
B7LZx44DUIFuwEXzmnzKf6BkdFNpCqSqWODxTYHm3UcHU2qshux+0g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1d4mqql020mpne9r3vtt4l9ywfzfq7zpa3mad33syxln2kldkjsxqgju90f
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAza1o1K0QwVzM1OXZjT1N0
TFRHbUNIZTRiaUEzcHNMSmNramprMmdpckJnCklZck14Qis5TXJSTTkyem9FR2JZ
VUd1azZQM0REd3lmSGlTZ3YyTXR0R2sKLS0tIHVTSlBIc05aOWtDeVFrV1FDNXBT
OGlGTzRHWSs5OUJZb0V5VTIzNGc4UjAKFOfZX4UrbtzXGKYJ8c0TgDY+kvY1pRWH
ETslhYtbtnaqI1a4rdRv+sKFbuEOV38sJZ6NuKR0Lfqw1GohWyA1vQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMMzFGQ3pzbTNoR25pOTRx
QUk3TzgzeUhCNzg2ODg2SENZbkJpTDREK2dzCnZQdkxMQ1RhaFdCZDlZellYd25K
RTBCNDJWUFoyZTJ3dWtqYlJFSU5uc0UKLS0tIENKYmlKUjB2ZjFmZzZpQ3V4dDQ0
eklFdUdEOWlnWndpai94QnFUU1F3NmMKVOQtq31dODV1rK7hZMfw295OkQeXq81u
VBQVVcYaup6IynBuQYE9eNL5euMwsV/pCv9N+PC3J6WdhdK336ZCDQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-08T15:01:54Z"
mac: ENC[AES256_GCM,data:euc66CxC9LHiJYKiMaEWunIZCHd2ZGl1YcFIJWmv2/x1pMRSnQ85yCL5Fpu8crjaayDYGJJVmMBVeU8trmaoqzYE1pWtUSIQo2QligJ1k8T5erdakSwv6keHrxczS1gEkS1Ygl6xieZUY5mcwY1Wyz7ZMeAeiIpIaraSf8Uydu8=,iv:OMGVEmOHnJbFzVpfCtvt3jrw6vP5dCib/HfcKpbSZ7k=,tag:wTtzNCE6BB3S7x2wWNYq1A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1