isla: upstream

Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>
2026-03-25 18:49:27 +03:00 · 2026-03-25 18:49:27 +03:00 · 1a891252ab
commit 1a891252ab
parent 793b14918a
16 changed files with 32 additions and 324 deletions
--- a/isla/boot/initrd.nix
+++ b/isla/boot/initrd.nix
@ -1,4 +1,4 @@
-{lib, ...}: {
+_: {
  boot = {
    initrd = {
      availableKernelModules = [
@ -17,13 +17,8 @@
      supportedFilesystems = {
        vfat = true;
        btrfs = true;
-        zfs = lib.mkForce false;
      };

-      kernelModules = [
-        "i915"
-      ];
-
      luks = {
        devices = {
          cryptroot = {
--- a/isla/boot/kernel.nix
+++ b/isla/boot/kernel.nix
@ -1,8 +1,4 @@
-{
-  pkgs,
-  lib,
-  ...
-}: {
+{pkgs, ...}: {
  boot = {
    kernel = {
      sysctl = {
@ -16,13 +12,9 @@
      };
    };

-    kernelPackages = pkgs.linuxPackages_zen;
-    extraModprobeConfig = ''
-      options thinkpad_acpi  fan_control=1
-    '';
+    kernelPackages = pkgs.linuxPackages_latest;

    kernelParams = [
-      "i915.enable_rc6=7"
      "udev.log_priority=3"
      "quiet"
      "splash"
@ -35,15 +27,12 @@
      "page_alloc.shuffle=1"
      "page_poison=1"
      "slab_nomerge"
+      "zswap.enabled=0"

      "kernel.watchdog=0"
      "oops=panic"
    ];

-    kernelModules = [
-      "tp_smapi"
-    ];
-
    blacklistedKernelModules = [
      "k10temp"
      "ax25"
@ -77,9 +66,6 @@
    supportedFilesystems = {
      vfat = true;
      btrfs = true;
-      zfs = lib.mkForce false;
    };
-
-    # consoleLogLevel = 0;
  };
 }
--- a/isla/default.nix
+++ b/isla/default.nix
@ -3,7 +3,7 @@
    "${self}/isla/disko/disk.nix"
    "${self}/isla/disko/lvm_vg.nix"

-    "${self}/isla/boot/loader/system-boot.nix"
+    "${self}/isla/boot/loader/systemd-boot.nix"
    "${self}/isla/boot/lanzaboote.nix"
    "${self}/isla/boot/initrd.nix"
    "${self}/isla/boot/kernel.nix"
--- a/isla/disko/disk.nix
+++ b/isla/disko/disk.nix
@ -2,7 +2,7 @@ _: {
  disko = {
    devices = {
      disk = {
-        main = {
+        "main" = {
          device = "/dev/disk/by-id/ata-ST92503010AS_5YH0CJFL";
          type = "disk";
          content = {
--- a/isla/home-manager/users.nix
+++ b/isla/home-manager/users.nix
@ -1,19 +1,15 @@
-{
-  inputs,
-  self,
-  ...
-}: {
+{self, ...}: {
  home-manager = {
    users = {
-      hand7s = {
+      "hand7s" = {
        imports = [
          "${self}/hand7s/"
-          inputs.spicetify-nix.homeManagerModules.default
-          inputs.hyprland.homeManagerModules.default
-          inputs.chaotic.homeManagerModules.default
-          inputs.sops-nix.homeManagerModules.sops
-
-          inputs.nix-index-database.homeModules.nix-index
+          self.inputs.spicetify-nix.homeManagerModules.default
+          self.inputs.hyprland.homeManagerModules.default
+          self.inputs.chaotic.homeManagerModules.default
+          self.inputs.sops-nix.homeManagerModules.sops
+          self.inputs.nix-index-database.homeModules.nix-index
+          self.inputs.noctalia.homeModules.default
        ];
      };
    };
@ -22,7 +18,6 @@

    extraSpecialArgs = {
      inherit
-        inputs
        self
        ;
    };
--- a/isla/networking/hostname.nix
+++ b/isla/networking/hostname.nix
@ -1,5 +1,5 @@
 _: {
  networking = {
-    hostName = "s0melapt0p-nix";
+    hostName = "isla";
  };
 }
--- a/isla/networking/hosts.nix
+++ b/isla/networking/hosts.nix
@ -1,64 +0,0 @@
-_: {
-  networking = {
-    hosts = {
-      # EVA00
-      "100.109.169.141" = [
-        "eva00-nix.netbird.cloud"
-        "eva00-nix"
-      ];
-
-      "90.156.226.152" = [
-        "eva00-nix.lan"
-        "eva00-nix"
-      ];
-
-      "200:deb2:ed25:a9e5:e30:4900:f88f:cb87" = [
-        "eva00-nix.ygg"
-        "eva00-nix"
-      ];
-
-      # EVA01
-      "100.109.107.176" = [
-        "eva01-nix.netbird.cloud"
-        "eva01-nix"
-      ];
-
-      "37.114.50.235" = [
-        "eva01-nix.lan"
-        "eva01-nix"
-      ];
-
-      "200:6ef:a61f:2f01:71d4:196:ab70:2103" = [
-        "eva01-nix.ygg"
-        "eva01-nix"
-      ];
-
-      # EVA02
-      "100.109.178.135" = [
-        "eva02-nix.netbird.cloud"
-        "eva02-nix"
-      ];
-
-      "51.195.222.85" = [
-        "eva02-nix.lan"
-        "eva02-nix"
-      ];
-
-      "201:52d6:c753:c1fd:f8b6:5897:cc6a:e1be" = [
-        "eva02-nix.ygg"
-        "eva02-nix"
-      ];
-
-      # nerv-nix
-      "100.109.7.114" = [
-        "nerv-nix.netbird.cloud"
-        "nerv-nix"
-      ];
-
-      "200:7abc:53c9:be8a:9941:96d:221b:cc76" = [
-        "nerv-nix.ygg"
-        "nerv-nix"
-      ];
-    };
-  };
-}
--- a/isla/nix/settings/substituters.nix
+++ b/isla/nix/settings/substituters.nix
@ -9,10 +9,10 @@ _: {
        # cachix
        "https://nix-community.cachix.org/"
        "https://chaotic-nyx.cachix.org/"
-        "https://ags.cachix.org"
        "https://hyprland.cachix.org"
        "https://chaotic-nyx.cachix.org/"
-        "https://colmena.cachix.org"
+        # nix-community
+        "https://hydra.nix-community.org/"
      ];
    };
  };
--- a/isla/services/yggdrasil.nix
+++ b/isla/services/yggdrasil.nix
@ -1,46 +0,0 @@
-{config, ...}: {
-  services = {
-    yggdrasil = {
-      enable = true;
-      persistentKeys = false;
-      settings = {
-        PrivateKey = config.sops.secrets.yggKeyLT.path;
-
-        Peers = [
-          # only 1W+ peers (some exeptions are possible)
-
-          # Russia
-          "tls://yggno.de:18227"
-          "tcp://yggno.de:18226"
-
-          "tcp://kzn1.neonxp.ru:7991"
-          "tls://kzn1.neonxp.ru:7992"
-          "ws://kzn1.neonxp.ru:7993"
-          "quic://kzn1.neonxp.ru:7994"
-        ];
-
-        Listen = [
-          #
-        ];
-
-        MulticastInterfaces = [
-          {
-            Regex = ".*";
-            Beacon = true;
-            Listen = false;
-            Password = "";
-          }
-        ];
-
-        AllowedPublicKeys = [
-          #
-        ];
-
-        IfName = "auto";
-
-        IfMTU = 65535;
-        NodeInfoPrivacy = false;
-      };
-    };
-  };
-}
--- a/isla/services/zapret.nix
+++ b/isla/services/zapret.nix
@ -1,145 +0,0 @@
-_: {
-  services = {
-    zapret = {
-      enable = true;
-      configureFirewall = true;
-      qnum = 350;
-      params = [
-        "--wssize 1:6"
-
-        "--filter-tcp=80"
-        "--dpi-desync=multisplit"
-        "--dpi-desync-split-pos=10"
-        "--dpi-desync-repeats=6"
-        "--new"
-
-        "--filter-tcp=443"
-        "--dpi-desync=multidisorder"
-        "--dpi-desync-split-pos=1,midsld"
-        "--new"
-
-        "--filter-tcp=443"
-        "--dpi-desync=syndata"
-        "--dpi-desync-fake-syndata=0x00000000"
-        "--dpi-desync-ttl=10"
-        "--new"
-
-        "--filter-udp=443"
-        "--dpi-desync=fake"
-        "--dpi-desync-repeats=6"
-        "--dpi-desync-fake-quic=0x00000000"
-        "--new"
-
-        "--filter-udp=443"
-        "--dpi-desync=fake,udplen"
-        "--dpi-desync-udplen-increment=5"
-        "--dpi-desync-fake-tls=0x00000000"
-        "--dpi-desync-cutoff=n3"
-        "--dpi-desync-repeats=2"
-        "--new"
-
-        "--filter-tcp=443"
-        "--dpi-desync=split"
-        "--dpi-desync-fooling=md5sig,badseq"
-        "--dpi-desync-fake-tls=0x00000000"
-        "--dpi-desync-split-pos=1"
-        "--dpi-desync-repeats=10"
-        "--new"
-
-        "--filter-tcp=443"
-        "--dpi-desync=fake,split2"
-        "--dpi-desync-fooling=md5sig"
-        "--dpi-desync-fake-tls=0x00000000"
-        "--dpi-desync-split-seqovl=2"
-        "--dpi-desync-split-pos=2"
-
-        "--dpi-desync-autottl"
-        "--new"
-        "--filter-tcp=443"
-        "--dpi-desync=fake,split2"
-        "--dpi-desync-fooling=md5sig"
-        "--dpi-desync-fake-tls=0x00000000"
-        "--dpi-desync-split-seqovl=2"
-        "--dpi-desync-split-pos=2"
-        "--dpi-desync-autottl"
-        "--new"
-
-        "--filter-tcp=80"
-        "--dpi-desync=fake,split2"
-        "--dpi-desync-fooling=md5sig"
-        "--dpi-desync-fake-tls=0x00000000"
-        "--dpi-desync-autottl"
-        "--new"
-
-        "--filter-tcp=80"
-        "--dpi-desync-ttl=1"
-        "--dpi-desync-autottl=2"
-        "--dpi-desync-fake-tls=0x00000000"
-        "--dpi-desync-split-pos=1"
-        "--dpi-desync=fake,split2"
-        "--dpi-desync-repeats=6"
-        "--dpi-desync-fooling=md5sig"
-        "--new"
-      ];
-
-      whitelist = [
-        "googlevideo.com"
-        "youtu.be"
-        "youtube.com"
-        "youtubei.googleapis.com"
-        "googlevideo.com"
-        "youtu.be"
-        "youtube.com"
-        "youtubei.googleapis.com"
-        "youtubeembeddedplayer.googleapis.com"
-        "ytimg.l.google.com"
-        "ytimg.com"
-        "jnn-pa.googleapis.com"
-        "youtube-nocookie.com"
-        "youtube-ui.l.google.com"
-        "yt-video-upload.l.google.com"
-        "wide-youtube.l.google.com"
-        "youtubekids.com"
-        "ggpht.com"
-        "music.youtube.com"
-        "test.googlevideo.com"
-        "discord.com"
-        "gateway.discord.gg"
-        "cdn.discordapp.com"
-        "discordapp.net"
-        "discordapp.com"
-        "discord.gg"
-        "media.discordapp.net"
-        "images-ext-1.discordapp.net"
-        "discord.app"
-        "discord.media"
-        "discordcdn.com"
-        "discord.dev"
-        "discord.new"
-        "discord.gift"
-        "discordstatus.com"
-        "dis.gd"
-        "discord.co"
-        "discord-attachments-uploads-prd.storage.googleapis.com"
-        "7tv.app"
-        "7tv.io"
-        "10tv.app"
-        "x.com"
-        "t.co"
-        "ads-twitter.com"
-        "twimg.com"
-        "twitter.com"
-        "pscp.tv"
-        "twtrdns.net"
-        "twttr.com"
-        "periscope.tv"
-        "tweetdeck.com"
-        "twitpic.com"
-        "twitter.co"
-        "twitterinc.com"
-        "twitteroauth.com"
-        "twitterstat.us"
-      ];
-    };
-  };
-}
--- a/isla/services/zerotier.nix
+++ b/isla/services/zerotier.nix
@ -1,10 +0,0 @@
-_: {
-  services = {
-    zerotierone = {
-      enable = true;
-      joinNetworks = [
-        # nope
-      ];
-    };
-  };
-}
--- a/isla/time/timeZone.nix
+++ b/isla/time/timeZone.nix
@ -1,6 +1,5 @@
 _: {
  time = {
    timeZone = "Europe/Moscow";
-    hardwareClockInLocalTime = true;
  };
 }
--- a/isla/users/users/hand7s.nix
+++ b/isla/users/users/hand7s.nix
@ -1,17 +1,23 @@
-_: {
+{lib, ...}: {
  users = {
    users = {
-      hand7s = {
+      "hand7s" = {
        description = "me";
        isSystemUser = false;
        isNormalUser = true;
-        initialHashedPassword = "$6$ckgRhNWmJgSwOUpJ$kfeAdokd5fa76HWbTmWN2YXx4M/PQVOTJku1ODbqbBhEkUFiLftdaJFRnNXfIM3Jtz0ShoRMSVCB7mDkxDrdi/";
+        initialHashedPassword = lib.hashString "sha512" "hand7s";
        extraGroups = [
          "wheel"
-          "networkmanager"
-          "docker"
+        ];
+
+        openssh = {
+          authorizedKeys = {
+            keys = [
+              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDp2IIdR5jV1HyG4aiRX7SfTNrXDhCx5rTiFU40qkOKq litvinovb0@gmail.com"
            ];
          };
        };
      };
+    };
+  };
 }
--- a/isla/users/users/root.nix
+++ b/isla/users/users/root.nix
@ -1,8 +1,8 @@
 _: {
  users = {
    users = {
-      root = {
-        initialHashedPassword = "$6$n4OLMvYHHStHvtmr$6OL0NV1dEM2b6oJRewkhuoFxM80lI67tfbJ6QkCg8WAA1gbeKrcwDAuJjm8zvpY4zcDR3Z5Zbo8uebfOi6XXF0";
+      "root" = {
+        initialHashedPassword = lib.hashString "sha512" "root";
      };
    };
  };
--- a/isla/virtualisation/docker.nix
+++ b/isla/virtualisation/docker.nix
@ -1,10 +0,0 @@
-_: {
-  virtualisation = {
-    docker = {
-      enable = true;
-      rootless = {
-        enable = true;
-      };
-    };
-  };
-}
--- a/isla/xdg/portal.nix
+++ b/isla/xdg/portal.nix
@ -20,8 +20,10 @@
      };

      extraPortals = with pkgs; [
+        xdg-desktop-portal
        xdg-desktop-portal-gtk
        xdg-desktop-portal-wlr
+        xdg-desktop-portal-termfilechooser
      ];
    };
  };