From 3640ca2a81edb3be84838ad982445ead93f76aa4 Mon Sep 17 00:00:00 2001
From: s0me1newithhand7s
Date: Sun, 8 Feb 2026 22:23:05 +0300
Subject: [PATCH] wanda: new host (NixOS-WSL)
Signed-off-by: s0me1newithhand7s
---
 flake.nix | 23 +++++
 wanda/console/console.nix | 5 ++
 wanda/default.nix | 89 ++++++++++++++++++++
 wanda/environment/systemPackages.nix | 17 ++++
 wanda/environment/variables.nix | 17 ++++
 wanda/hardware/default.nix | 8 ++
 wanda/hardware/zram.nix | 8 ++
 wanda/home-manager/users.nix | 28 ++++++
 wanda/i18n/locales.nix | 9 ++
 wanda/networking/dhcp.nix | 10 +++
 wanda/networking/firewall.nix | 8 ++
 wanda/networking/hostId.nix | 5 ++
 wanda/networking/hostname.nix | 5 ++
 wanda/networking/hosts.nix | 7 ++
 wanda/networking/nameservers.nix | 29 +++++++
 wanda/networking/networkmanager.nix | 9 ++
 wanda/networking/timeServers.nix | 10 +++
 wanda/networking/wireguard.nix | 7 ++
 wanda/nix/package.nix | 5 ++
 wanda/nix/settings/allowed-users.nix | 10 +++
 wanda/nix/settings/auto-optimise-store.nix | 7 ++
 wanda/nix/settings/experimental-features.nix | 10 +++
 wanda/nix/settings/substituters.nix | 19 +++++
 wanda/nix/settings/trusted-public-keys.nix | 19 +++++
 wanda/nix/settings/trusted-substituters.nix | 19 +++++
 wanda/nix/settings/trusted-users.nix | 9 ++
 wanda/nixpkgs/config.nix | 8 ++
 wanda/nixpkgs/overlays.nix | 6 ++
 wanda/nixpkgs/system.nix | 6 ++
 wanda/programs/nh.nix | 12 +++
 wanda/programs/ssh.nix | 8 ++
 wanda/security/pam/yubico.nix | 15 ++++
 wanda/security/polkit.nix | 10 +++
 wanda/security/rtkit.nix | 7 ++
 wanda/security/sudo-rs.nix | 9 ++
 wanda/security/sudo.nix | 7 ++
 wanda/services/greetd.nix | 18 ++++
 wanda/services/irqbalance.nix | 7 ++
 wanda/services/libinput.nix | 15 ++++
 wanda/services/netbird.nix | 7 ++
 wanda/services/openssh.nix | 22 +++++
 wanda/services/pipewire.nix | 66 +++++++++++++++
 wanda/services/qmk.nix | 9 ++
 wanda/services/resolved.nix | 39 +++++++++
 wanda/services/scx.nix | 8 ++
 wanda/services/sunshine.nix | 10 +++
 wanda/services/usbmuxd.nix | 8 ++
 wanda/services/xserver.nix | 26 ++++++
 wanda/services/yubikey-agent.nix | 8 ++
 wanda/services/zerotier.nix | 10 +++
 wanda/system/name.nix | 5 ++
 wanda/system/stateVersion.nix | 5 ++
 wanda/systemd/oomd.nix | 10 +++
 wanda/systemd/slices/root-slice.nix | 14 +++
 wanda/systemd/slices/system-slice.nix | 14 +++
 wanda/systemd/slices/user-slice.nix | 14 +++
 wanda/time/timeZone.nix | 6 ++
 wanda/users/mutableUsers.nix | 5 ++
 wanda/users/users/hand7s.nix | 15 ++++
 wanda/users/users/root.nix | 9 ++
 wanda/virtualisation/docker.nix | 10 +++
 wanda/wsl/default.nix | 8 ++
 wanda/wsl/wslConf.nix | 13 +++
 wanda/xdg/icons.nix | 7 ++
 wanda/xdg/mime.nix | 11 +++
 wanda/xdg/portal.nix | 35 ++++++++
 66 files changed, 914 insertions(+)
 create mode 100644 wanda/console/console.nix
 create mode 100644 wanda/default.nix
 create mode 100644 wanda/environment/systemPackages.nix
 create mode 100644 wanda/environment/variables.nix
 create mode 100644 wanda/hardware/default.nix
 create mode 100644 wanda/hardware/zram.nix
 create mode 100644 wanda/home-manager/users.nix
 create mode 100644 wanda/i18n/locales.nix
 create mode 100644 wanda/networking/dhcp.nix
 create mode 100644 wanda/networking/firewall.nix
 create mode 100644 wanda/networking/hostId.nix
 create mode 100644 wanda/networking/hostname.nix
 create mode 100644 wanda/networking/hosts.nix
 create mode 100644 wanda/networking/nameservers.nix
 create mode 100644 wanda/networking/networkmanager.nix
 create mode 100644 wanda/networking/timeServers.nix
 create mode 100644 wanda/networking/wireguard.nix
 create mode 100644 wanda/nix/package.nix
 create mode 100644 wanda/nix/settings/allowed-users.nix
 create mode 100644 wanda/nix/settings/auto-optimise-store.nix
 create mode 100644 wanda/nix/settings/experimental-features.nix
 create mode 100644 wanda/nix/settings/substituters.nix
 create mode 100644 wanda/nix/settings/trusted-public-keys.nix
 create mode 100644 wanda/nix/settings/trusted-substituters.nix
 create mode 100644 wanda/nix/settings/trusted-users.nix
 create mode 100644 wanda/nixpkgs/config.nix
 create mode 100644 wanda/nixpkgs/overlays.nix
 create mode 100644 wanda/nixpkgs/system.nix
 create mode 100644 wanda/programs/nh.nix
 create mode 100644 wanda/programs/ssh.nix
 create mode 100644 wanda/security/pam/yubico.nix
 create mode 100644 wanda/security/polkit.nix
 create mode 100644 wanda/security/rtkit.nix
 create mode 100644 wanda/security/sudo-rs.nix
 create mode 100644 wanda/security/sudo.nix
 create mode 100644 wanda/services/greetd.nix
 create mode 100644 wanda/services/irqbalance.nix
 create mode 100644 wanda/services/libinput.nix
 create mode 100644 wanda/services/netbird.nix
 create mode 100644 wanda/services/openssh.nix
 create mode 100644 wanda/services/pipewire.nix
 create mode 100644 wanda/services/qmk.nix
 create mode 100644 wanda/services/resolved.nix
 create mode 100644 wanda/services/scx.nix
 create mode 100644 wanda/services/sunshine.nix
 create mode 100644 wanda/services/usbmuxd.nix
 create mode 100644 wanda/services/xserver.nix
 create mode 100644 wanda/services/yubikey-agent.nix
 create mode 100644 wanda/services/zerotier.nix
 create mode 100644 wanda/system/name.nix
 create mode 100644 wanda/system/stateVersion.nix
 create mode 100644 wanda/systemd/oomd.nix
 create mode 100644 wanda/systemd/slices/root-slice.nix
 create mode 100644 wanda/systemd/slices/system-slice.nix
 create mode 100644 wanda/systemd/slices/user-slice.nix
 create mode 100644 wanda/time/timeZone.nix
 create mode 100644 wanda/users/mutableUsers.nix
 create mode 100644 wanda/users/users/hand7s.nix
 create mode 100644 wanda/users/users/root.nix
 create mode 100644 wanda/virtualisation/docker.nix
 create mode 100644 wanda/wsl/default.nix
 create mode 100644 wanda/wsl/wslConf.nix
 create mode 100644 wanda/xdg/icons.nix
 create mode 100644 wanda/xdg/mime.nix
 create mode 100644 wanda/xdg/portal.nix
diff --git a/flake.nix b/flake.nix
index 6789c61..7123fba 100644
--- a/flake.nix
+++ b/flake.nix
@@ -593,6 +593,29 @@
 inputs.nix-mineral.nixosModules.nix-mineral
 ];
 };
+
+ # WSL2
+ "wanda" = inputs.nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = {
+ inherit
+ inputs
+ self
+ ;
+ };
+
+ modules = [
+ "${self}/wanda/"
+ inputs.agenix.nixosModules.default
+ inputs.nixos-wsl.nixosModules.default
+ inputs.stylix.nixosModules.stylix
+ inputs.home-manager.nixosModules.default
+ inputs.sops-nix.nixosModules.sops
+ inputs.nix-index-database.nixosModules.nix-index
+ inputs.nix-bwrapper.nixosModules.default
+ inputs.nix-mineral.nixosModules.nix-mineral
+ ];
+ };
 };
 # deploy-rs
diff --git a/wanda/console/console.nix b/wanda/console/console.nix
new file mode 100644
index 0000000..e3a24c9
--- /dev/null
+++ b/wanda/console/console.nix
@@ -0,0 +1,5 @@
+_: {
+ console = {
+ useXkbConfig = true;
+ };
+}
diff --git a/wanda/default.nix b/wanda/default.nix
new file mode 100644
index 0000000..57e97fa
--- /dev/null
+++ b/wanda/default.nix
@@ -0,0 +1,89 @@
+{self, ...}: {
+ imports = [
+ "${self}/wanda/console/console.nix"
+
+ "${self}/wanda/environment/systemPackages.nix"
+ "${self}/wanda/environment/variables.nix"
+
+ "${self}/wanda/hardware/zram.nix"
+ "${self}/wanda/hardware/"
+
+ "${self}/wanda/home-manager/users.nix"
+
+ "${self}/wanda/i18n/locales.nix"
+
+ "${self}/wanda/networking/dhcp.nix"
+ "${self}/wanda/networking/firewall.nix"
+ "${self}/wanda/networking/hostname.nix"
+ "${self}/wanda/networking/networkmanager.nix"
+ "${self}/wanda/networking/wireguard.nix"
+ "${self}/wanda/networking/nameservers.nix"
+ "${self}/wanda/networking/hosts.nix"
+ "${self}/wanda/networking/hostId.nix"
+
+ "${self}/wanda/nix/package.nix"
+ "${self}/wanda/nix/settings/allowed-users.nix"
+ "${self}/wanda/nix/settings/experimental-features.nix"
+ "${self}/wanda/nix/settings/substituters.nix"
+ "${self}/wanda/nix/settings/trusted-public-keys.nix"
+ "${self}/wanda/nix/settings/trusted-substituters.nix"
+ "${self}/wanda/nix/settings/trusted-users.nix"
+ "${self}/wanda/nix/settings/auto-optimise-store.nix"
+
+ "${self}/wanda/nixpkgs/config.nix"
+ "${self}/wanda/nixpkgs/system.nix"
+
+ "${self}/wanda/programs/nh.nix"
+ "${self}/wanda/programs/ssh.nix"
+
+ "${self}/wanda/security/polkit.nix"
+ "${self}/wanda/security/rtkit.nix"
+ "${self}/wanda/security/sudo.nix"
+ "${self}/wanda/security/sudo-rs.nix"
+ "${self}/wanda/security/pam/yubico.nix"
+
+ "${self}/wanda/services/greetd.nix"
+ "${self}/wanda/services/libinput.nix"
+ "${self}/wanda/services/openssh.nix"
+ "${self}/wanda/services/pipewire.nix"
+ "${self}/wanda/services/netbird.nix"
+ "${self}/wanda/services/qmk.nix"
+ "${self}/wanda/services/scx.nix"
+ "${self}/wanda/services/xserver.nix"
+ "${self}/wanda/services/sunshine.nix"
+ "${self}/wanda/services/usbmuxd.nix"
+ "${self}/wanda/services/irqbalance.nix"
+ "${self}/wanda/services/yubikey-agent.nix"
+ "${self}/wanda/services/resolved.nix"
+
+ "${self}/wanda/sops/defaults.nix"
+ "${self}/wanda/sops/secrets.nix"
+
+ "${self}/hand7s/stylix/base16Scheme.nix"
+ "${self}/hand7s/stylix/cursor.nix"
+ "${self}/hand7s/stylix/defaults.nix"
+ "${self}/hand7s/stylix/fonts.nix"
+ "${self}/hand7s/stylix/image.nix"
+
+ "${self}/wanda/system/name.nix"
+ "${self}/wanda/system/stateVersion.nix"
+
+ "${self}/wanda/systemd/oomd.nix"
+ "${self}/wanda/systemd/slices/system-slice.nix"
+ "${self}/wanda/systemd/slices/user-slice.nix"
+ "${self}/wanda/systemd/slices/root-slice.nix"
+
+ "${self}/wanda/time/timeZone.nix"
+
+ "${self}/wanda/users/users/hand7s.nix"
+ "${self}/wanda/users/users/root.nix"
+ "${self}/wanda/users/mutableUsers.nix"
+
+ "${self}/wanda/wsl/"
+ "${self}/wanda/wsl/wslConf.nix"
+
+ "${self}/wanda/xdg/icons.nix"
+ "${self}/wanda/xdg/mime.nix"
+ "${self}/wanda/xdg/portal.nix"
+ ];
+}
diff --git a/wanda/environment/systemPackages.nix b/wanda/environment/systemPackages.nix
new file mode 100644
index 0000000..d508dd5
--- /dev/null
+++ b/wanda/environment/systemPackages.nix
@@ -0,0 +1,17 @@
+{
+ pkgs,
+ lib,
+ ...
+}: {
+ environment = {
+ systemPackages = with pkgs; [
+ (lib.hiPrio uutils-coreutils-noprefix)
+ uutils-findutils
+ uutils-diffutils
+ xdg-desktop-portal
+ xdg-desktop-portal-gtk
+ xdg-desktop-portal-hyprland
+ home-manager
+ ];
+ };
+}
diff --git a/wanda/environment/variables.nix b/wanda/environment/variables.nix
new file mode 100644
index 0000000..9c47685
--- /dev/null
+++ b/wanda/environment/variables.nix
@@ -0,0 +1,17 @@
+{config, ...}: {
+ environment = {
+ variables = {
+ AMD_VULKAN_ICD = "AMDVLK";
+ HOSTNAME = config.networking.hostName;
+ QT_QPA_PLATFORM = "wayland";
+ SDL_VIDEODRIVER = "wayland";
+ CLUTTER_BACKEND = "wayland";
+ GDK_BACKEND = "wayland";
+ NIXPKGS_ALLOW_UNFREE = "1";
+ NIXPKGS_ALLOW_INSECURE = "1";
+ NIXOS_OZONE_WL = "1";
+ GRIMBLAST_HIDE_CURSOR = "0";
+ TERM = "xterm-256color";
+ };
+ };
+}
diff --git a/wanda/hardware/default.nix b/wanda/hardware/default.nix
new file mode 100644
index 0000000..9f37847
--- /dev/null
+++ b/wanda/hardware/default.nix
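Review bot: The `imports` list in wanda/default.nix references `"${self}/wanda/sops/defaults.nix"` and `"${self}/wanda/sops/secrets.nix"`, but neither path appears in this patch's diffstat or `create mode` list, so unless they already exist in the tree the new host will fail to evaluate. wanda/services/openssh.nix also reads `config.sops.secrets.sshKey.path`, which presumably is declared in one of those files. Conversely, wanda/networking/timeServers.nix, wanda/nixpkgs/overlays.nix, wanda/services/zerotier.nix and wanda/virtualisation/docker.nix are created by this patch but never imported, so their settings have no effect. Either add the sops files to the commit and import the four orphaned modules, or drop the files that are not meant to be active.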
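Review bot: `NIXPKGS_ALLOW_INSECURE = "1"` in wanda/environment/variables.nix is exported to every session on the host, so any impure nix invocation by any user accepts packages that nixpkgs has marked as having known vulnerabilities, with no record of which package needed the exception. If a specific insecure package is required, name it in wanda/nixpkgs/config.nix instead, e.g. `permittedInsecurePackages = [ "<PACKAGE-VERSION_PLACEHOLDER>" ];`, and drop the variable. A comment next to any remaining exception saying why it exists would make later audits easier.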
@@ -0,0 +1,8 @@
+_: {
+ hardware = {
+ enableAllFirmware = true;
+ enableAllHardware = true;
+ enableRedistributableFirmware = true;
+ firmwareCompression = "zstd";
+ };
+}
diff --git a/wanda/hardware/zram.nix b/wanda/hardware/zram.nix
new file mode 100644
index 0000000..0d77537
--- /dev/null
+++ b/wanda/hardware/zram.nix
@@ -0,0 +1,8 @@
+_: {
+ zramSwap = {
+ enable = true;
+ algorithm = "zstd";
+ priority = 100;
+ memoryPercent = 100;
+ };
+}
diff --git a/wanda/home-manager/users.nix b/wanda/home-manager/users.nix
new file mode 100644
index 0000000..ac58a26
--- /dev/null
+++ b/wanda/home-manager/users.nix
@@ -0,0 +1,28 @@
+{self, ...}: {
+ home-manager = {
+ users = {
+ "hand7s" = {
+ imports = [
+ "${self}/hand7s/"
+ self.inputs.agenix.homeManagerModules.default
+ self.inputs.agenix.homeManagerModules.default
+ self.inputs.spicetify-nix.homeManagerModules.default
+ self.inputs.hyprland.homeManagerModules.default
+ self.inputs.chaotic.homeManagerModules.default
+ self.inputs.sops-nix.homeManagerModules.sops
+
+ self.inputs.nix-index-database.homeModules.nix-index
+ self.inputs.noctalia.homeModules.default
+ ];
+ };
+ };
+
+ backupFileExtension = "force";
+
+ extraSpecialArgs = {
+ inherit
+ self
+ ;
+ };
+ };
+}
diff --git a/wanda/i18n/locales.nix b/wanda/i18n/locales.nix
new file mode 100644
index 0000000..f456740
--- /dev/null
+++ b/wanda/i18n/locales.nix
@@ -0,0 +1,9 @@
+_: {
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ supportedLocales = [
+ "en_US.UTF-8/UTF-8"
+ "ru_RU.UTF-8/UTF-8"
+ ];
+ };
+}
diff --git a/wanda/networking/dhcp.nix b/wanda/networking/dhcp.nix
new file mode 100644
index 0000000..0740ea3
--- /dev/null
+++ b/wanda/networking/dhcp.nix
@@ -0,0 +1,10 @@
+{lib, ...}: {
+ networking = {
+ useDHCP = lib.mkDefault true;
+ dhcpcd = {
+ enable = true;
+ persistent = false;
+ wait = "any";
+ };
+ };
+}
diff --git a/wanda/networking/firewall.nix b/wanda/networking/firewall.nix
new file mode 100644
index 0000000..1287f81
--- /dev/null
+++ b/wanda/networking/firewall.nix
@@ -0,0 +1,8 @@
+_: {
+ networking = {
+ firewall = {
+ allowPing = true;
+ enable = true;
+ };
+ };
+}
diff --git a/wanda/networking/hostId.nix b/wanda/networking/hostId.nix
new file mode 100644
index 0000000..585868c
--- /dev/null
+++ b/wanda/networking/hostId.nix
@@ -0,0 +1,5 @@
+_: {
+ networking = {
+ hostId = "5c79d468";
+ };
+}
diff --git a/wanda/networking/hostname.nix b/wanda/networking/hostname.nix
new file mode 100644
index 0000000..c91aef8
--- /dev/null
+++ b/wanda/networking/hostname.nix
@@ -0,0 +1,5 @@
+_: {
+ networking = {
+ hostName = "wanda";
+ };
+}
diff --git a/wanda/networking/hosts.nix b/wanda/networking/hosts.nix
new file mode 100644
index 0000000..2ebdee6
--- /dev/null
+++ b/wanda/networking/hosts.nix
@@ -0,0 +1,7 @@
+_: {
+ networking = {
+ hosts = {
+ # nope.
+ };
+ };
+}
diff --git a/wanda/networking/nameservers.nix b/wanda/networking/nameservers.nix
new file mode 100644
index 0000000..31726b9
--- /dev/null
+++ b/wanda/networking/nameservers.nix
@@ -0,0 +1,29 @@
+_: {
+ networking = {
+ nameservers = [
+ # cf dns
+ "1.1.1.1"
+ "1.0.0.1"
+ "2606:4700:4700::1111"
+ "2606:4700:4700::1001"
+
+ # google dns
+ "8.8.8.8"
+ "8.8.4.4"
+ "2001:4860:4860::8888"
+ "2001:4860:4860::8844"
+
+ # q9 dns
+ "9.9.9.9"
+ "149.112.112.112"
+ "2620:fe::fe"
+ "2620:fe::9"
+
+ # open dns
+ "208.67.222.222"
+ "208.67.220.220"
+ "2620:119:35::35"
+ "2620:119:53::53"
+ ];
+ };
+}
diff --git a/wanda/networking/networkmanager.nix b/wanda/networking/networkmanager.nix
new file mode 100644
index 0000000..474d212
--- /dev/null
+++ b/wanda/networking/networkmanager.nix
@@ -0,0 +1,9 @@
+_: {
+ networking = {
+ networkmanager = {
+ enable = false;
+ };
+
+ useNetworkd = true;
+ };
+}
diff --git a/wanda/networking/timeServers.nix b/wanda/networking/timeServers.nix
new file mode 100644
index 0000000..9289ea6
--- /dev/null
+++ b/wanda/networking/timeServers.nix
@@ -0,0 +1,10 @@
+_: {
+ networking = {
+ timeServers = [
+ "0.nixos.pool.ntp.org"
+ "1.nixos.pool.ntp.org"
+ "2.nixos.pool.ntp.org"
+ "3.nixos.pool.ntp.org"
+ ];
+ };
+}
diff --git a/wanda/networking/wireguard.nix b/wanda/networking/wireguard.nix
new file mode 100644
index 0000000..bd2336c
--- /dev/null
+++ b/wanda/networking/wireguard.nix
@@ -0,0 +1,7 @@
+_: {
+ networking = {
+ wireguard = {
+ enable = true;
+ };
+ };
+}
diff --git a/wanda/nix/package.nix b/wanda/nix/package.nix
new file mode 100644
index 0000000..b2d6823
--- /dev/null
+++ b/wanda/nix/package.nix
@@ -0,0 +1,5 @@
+{pkgs, ...}: {
+ nix = {
+ package = pkgs.nixVersions.latest;
+ };
+}
diff --git a/wanda/nix/settings/allowed-users.nix b/wanda/nix/settings/allowed-users.nix
new file mode 100644
index 0000000..0239519
--- /dev/null
+++ b/wanda/nix/settings/allowed-users.nix
@@ -0,0 +1,10 @@
+_: {
+ nix = {
+ settings = {
+ sandbox = true;
+ allowed-users = [
+ "@wheel"
+ ];
+ };
+ };
+}
diff --git a/wanda/nix/settings/auto-optimise-store.nix b/wanda/nix/settings/auto-optimise-store.nix
new file mode 100644
index 0000000..cb7a22a
--- /dev/null
+++ b/wanda/nix/settings/auto-optimise-store.nix
@@ -0,0 +1,7 @@
+_: {
+ nix = {
+ settings = {
+ auto-optimise-store = true;
+ };
+ };
+}
diff --git a/wanda/nix/settings/experimental-features.nix b/wanda/nix/settings/experimental-features.nix
new file mode 100644
index 0000000..9c45bc4
--- /dev/null
+++ b/wanda/nix/settings/experimental-features.nix
@@ -0,0 +1,10 @@
+_: {
+ nix = {
+ settings = {
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ };
+ };
+}
diff --git a/wanda/nix/settings/substituters.nix b/wanda/nix/settings/substituters.nix
new file mode 100644
index 0000000..da0035f
--- /dev/null
+++ b/wanda/nix/settings/substituters.nix
@@ -0,0 +1,19 @@
+_: {
+ nix = {
+ settings = {
+ substituters = [
+ # cache.nixos.org
+ "https://cache.nixos.org"
+ # cache.garnix.org
+ "https://cache.garnix.io"
+ # cachix
+ "https://nix-community.cachix.org/"
+ "https://chaotic-nyx.cachix.org/"
+ "https://hyprland.cachix.org"
+ "https://chaotic-nyx.cachix.org/"
+ # nix-community
+ "https://hydra.nix-community.org/"
+ ];
+ };
+ };
+}
diff --git a/wanda/nix/settings/trusted-public-keys.nix b/wanda/nix/settings/trusted-public-keys.nix
new file mode 100644
index 0000000..4a128cb
--- /dev/null
+++ b/wanda/nix/settings/trusted-public-keys.nix
@@ -0,0 +1,19 @@
+_: {
+ nix = {
+ settings = {
+ trusted-public-keys = [
+ # cache.nixos.org
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ # cache.garnix.io
+ "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
+ # cachix.org
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
+ "ags.cachix.org-1:naAvMrz0CuYqeyGNyLgE010iUiuf/qx6kYrUv3NwAJ8="
+ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+ "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
+ "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
+ ];
+ };
+ };
+}
diff --git a/wanda/nix/settings/trusted-substituters.nix b/wanda/nix/settings/trusted-substituters.nix
new file mode 100644
index 0000000..b5d0387
--- /dev/null
+++ b/wanda/nix/settings/trusted-substituters.nix
@@ -0,0 +1,19 @@
+_: {
+ nix = {
+ settings = {
+ trusted-substituters = [
+ # cache.nixos.org
+ "https://nixos-cache-proxy.cofob.dev"
+ "https://cache.nixos.org"
+ # cache.garnix.org
+ "https://cache.garnix.io"
+ # cachix
+ "https://nix-community.cachix.org/"
+ "https://chaotic-nyx.cachix.org/"
+ "https://ags.cachix.org"
+ "https://hyprland.cachix.org"
+ "https://chaotic-nyx.cachix.org/"
+ ];
+ };
+ };
+}
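Review bot: In wanda/nix/settings/trusted-substituters.nix the entry `"https://nixos-cache-proxy.cofob.dev"` is filed under the `# cache.nixos.org` comment although it is a different host; signature checks against `trusted-public-keys` still protect integrity, but whoever operates that proxy sees which store paths this machine requests and can withhold or delay them. Give it its own comment naming who runs it and why it is needed, for example `# third-party mirror of cache.nixos.org (<REASON_PLACEHOLDER>)`, or remove it. wanda/nix/settings/trusted-public-keys.nix also trusts a `colmena.cachix.org-1` key with no matching URL in either substituter list, and the `chaotic-nyx` entry is listed twice in all three files; trimming these keeps the trust set auditable.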
diff --git a/wanda/nix/settings/trusted-users.nix b/wanda/nix/settings/trusted-users.nix
new file mode 100644
index 0000000..4eee825
--- /dev/null
+++ b/wanda/nix/settings/trusted-users.nix
@@ -0,0 +1,9 @@
+_: {
+ nix = {
+ settings = {
+ trusted-users = [
+ "@wheel"
+ ];
+ };
+ };
+}
diff --git a/wanda/nixpkgs/config.nix b/wanda/nixpkgs/config.nix
new file mode 100644
index 0000000..b93e4ef
--- /dev/null
+++ b/wanda/nixpkgs/config.nix
@@ -0,0 +1,8 @@
+_: {
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+ allowBroken = true;
+ };
+ };
+}
diff --git a/wanda/nixpkgs/overlays.nix b/wanda/nixpkgs/overlays.nix
new file mode 100644
index 0000000..8db0844
--- /dev/null
+++ b/wanda/nixpkgs/overlays.nix
@@ -0,0 +1,6 @@
+_: {
+ nixpkgs = {
+ overlays = [
+ ];
+ };
+}
diff --git a/wanda/nixpkgs/system.nix b/wanda/nixpkgs/system.nix
new file mode 100644
index 0000000..3cbe59a
--- /dev/null
+++ b/wanda/nixpkgs/system.nix
@@ -0,0 +1,6 @@
+_: {
+ nixpkgs = {
+ system = "x86_64-linux";
+ hostPlatform = "x86_64-linux";
+ };
+}
diff --git a/wanda/programs/nh.nix b/wanda/programs/nh.nix
new file mode 100644
index 0000000..6d9937d
--- /dev/null
+++ b/wanda/programs/nh.nix
@@ -0,0 +1,12 @@
+_: {
+ programs = {
+ nh = {
+ enable = true;
+ clean = {
+ enable = true;
+ dates = "weekly";
+ extraArgs = "--keep 2 --keep-since 2d";
+ };
+ };
+ };
+}
diff --git a/wanda/programs/ssh.nix b/wanda/programs/ssh.nix
new file mode 100644
index 0000000..017f4c9
--- /dev/null
+++ b/wanda/programs/ssh.nix
@@ -0,0 +1,8 @@
+_: {
+ programs = {
+ ssh = {
+ startAgent = true;
+ agentTimeout = "12h";
+ };
+ };
+}
diff --git a/wanda/security/pam/yubico.nix b/wanda/security/pam/yubico.nix
new file mode 100644
index 0000000..cd8a4a1
--- /dev/null
+++ b/wanda/security/pam/yubico.nix
@@ -0,0 +1,15 @@
+_: {
+ security = {
+ pam = {
+ yubico = {
+ enable = false;
+ debug = true;
+ mode = "challenge-response";
+ control = "sufficient";
+ id = [
+ "1873055870"
+ ];
+ };
+ };
+ };
+}
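Review bot: `trusted-users = [ "@wheel" ]` in wanda/nix/settings/trusted-users.nix lets every wheel member instruct the root-run Nix daemon to use arbitrary substituters and accept unsigned store paths, which is root-equivalent without a password and undercuts `wheelNeedsPassword = true` in wanda/security/sudo-rs.nix. wanda/nix/settings/allowed-users.nix already grants wheel ordinary access to the daemon, so this list can be reduced to `trusted-users = [ "root" ];`. A comment such as `# trusted-users is root-equivalent; keep it to root` would stop it from being widened again by accident.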
diff --git a/wanda/security/polkit.nix b/wanda/security/polkit.nix
new file mode 100644
index 0000000..77e04d1
--- /dev/null
+++ b/wanda/security/polkit.nix
@@ -0,0 +1,10 @@
+_: {
+ security = {
+ polkit = {
+ enable = true;
+ adminIdentities = [
+ "unix-group:wheel"
+ ];
+ };
+ };
+}
diff --git a/wanda/security/rtkit.nix b/wanda/security/rtkit.nix
new file mode 100644
index 0000000..dd40f89
--- /dev/null
+++ b/wanda/security/rtkit.nix
@@ -0,0 +1,7 @@
+_: {
+ security = {
+ rtkit = {
+ enable = true;
+ };
+ };
+}
diff --git a/wanda/security/sudo-rs.nix b/wanda/security/sudo-rs.nix
new file mode 100644
index 0000000..4f270c9
--- /dev/null
+++ b/wanda/security/sudo-rs.nix
@@ -0,0 +1,9 @@
+_: {
+ security = {
+ sudo-rs = {
+ enable = true;
+ wheelNeedsPassword = true;
+ execWheelOnly = true;
+ };
+ };
+}
diff --git a/wanda/security/sudo.nix b/wanda/security/sudo.nix
new file mode 100644
index 0000000..393528d
--- /dev/null
+++ b/wanda/security/sudo.nix
@@ -0,0 +1,7 @@
+{lib, ...}: {
+ security = {
+ sudo = {
+ enable = lib.mkDefault false;
+ };
+ };
+}
diff --git a/wanda/services/greetd.nix b/wanda/services/greetd.nix
new file mode 100644
index 0000000..83d2431
--- /dev/null
+++ b/wanda/services/greetd.nix
@@ -0,0 +1,18 @@
+{
+ pkgs,
+ lib,
+ ...
+}: {
+ services = {
+ greetd = {
+ enable = true;
+ restart = false;
+ settings = {
+ default_session = {
+ command = "${lib.getExe pkgs.tuigreet} -r -t -c ${lib.getExe' pkgs.hyprland "start-hyprland"} --greet-align center";
+ user = "greeter";
+ };
+ };
+ };
+ };
+}
diff --git a/wanda/services/irqbalance.nix b/wanda/services/irqbalance.nix
new file mode 100644
index 0000000..ee8472e
--- /dev/null
+++ b/wanda/services/irqbalance.nix
@@ -0,0 +1,7 @@
+_: {
+ services = {
+ irqbalance = {
+ enable = true;
+ };
+ };
+}
diff --git a/wanda/services/libinput.nix b/wanda/services/libinput.nix
new file mode 100644
index 0000000..23c2953
--- /dev/null
+++ b/wanda/services/libinput.nix
@@ -0,0 +1,15 @@
+_: {
+ services = {
+ libinput = {
+ enable = true;
+ mouse = {
+ accelProfile = "flat";
+ accelSpeed = "-1.0";
+ buttonMapping = "1 2 3 4 5 6 7 8 9";
+ horizontalScrolling = true;
+ leftHanded = false;
+ naturalScrolling = true;
+ };
+ };
+ };
+}
diff --git a/wanda/services/netbird.nix b/wanda/services/netbird.nix
new file mode 100644
index 0000000..f375f14
--- /dev/null
+++ b/wanda/services/netbird.nix
@@ -0,0 +1,7 @@
+_: {
+ services = {
+ netbird = {
+ enable = true;
+ };
+ };
+}
diff --git a/wanda/services/openssh.nix b/wanda/services/openssh.nix
new file mode 100644
index 0000000..989beca
--- /dev/null
+++ b/wanda/services/openssh.nix
@@ -0,0 +1,22 @@
+{config, ...}: {
+ services = {
+ openssh = {
+ enable = true;
+ allowSFTP = true;
+ openFirewall = true;
+ ports = [
+ 48630
+ ];
+
+ settings = {
+ PrintMotd = false;
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ };
+
+ authorizedKeysFiles = [
+ config.sops.secrets.sshKey.path
+ ];
+ };
+ };
+}
diff --git a/wanda/services/pipewire.nix b/wanda/services/pipewire.nix
new file mode 100644
index 0000000..43a9f4e
--- /dev/null
+++ b/wanda/services/pipewire.nix
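Review bot: `authorizedKeysFiles = [ config.sops.secrets.sshKey.path ]` in wanda/services/openssh.nix points sshd at one fixed path with no `%u` or `%h` token, so the same key list authorizes every account that is allowed to log in, and sshd opens that file with the target user's privileges. The secret's definition is not part of this patch; if it keeps sops-nix's default root-only ownership and mode, `hand7s` cannot read it and key login will fail, which together with `PasswordAuthentication = false` means no SSH access at all. Public keys are not secret, so the simpler form is `users.users."hand7s".openssh.authorizedKeys.keys = [ "<PUBLIC_KEY_PLACEHOLDER>" ];`; otherwise set the secret's `owner` to the login user and add a comment here recording that requirement.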
@@ -0,0 +1,66 @@
+_: {
+ services = {
+ pipewire = {
+ enable = true;
+ alsa = {
+ enable = true;
+ support32Bit = true;
+ };
+
+ audio = {
+ enable = true;
+ };
+
+ pulse = {
+ enable = true;
+ };
+
+ jack = {
+ enable = true;
+ };
+
+ wireplumber = {
+ enable = true;
+ };
+
+ extraConfig = {
+ pipewire = {
+ # PIPEWIRE_PROPS=node.force-rate=0
+ "92-low-latency" = {
+ "context.properties" = {
+ "default.clock.rate" = 48000;
+ "default.clock.allowed-rates" = [
+ 44100
+ 48000
+ 88200
+ 96000
+ ];
+
+ "default.clock.min-quantum" = 512;
+ "default.clock.quantum" = 4096;
+ "default.clock.max-quantum" = 8192;
+ };
+ };
+
+ "93-no-resampling" = {
+ "context.properties" = {
+ "default.clock.rate" = 48000;
+ "default.clock.allowed-rates" = [
+ 44100
+ 48000
+ 96000
+ 192000
+ ];
+ };
+ };
+
+ "94-no-upmixing" = {
+ "stream.properties" = {
+ "channelmix.upmix" = false;
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/wanda/services/qmk.nix b/wanda/services/qmk.nix
new file mode 100644
index 0000000..d193c5d
--- /dev/null
+++ b/wanda/services/qmk.nix
@@ -0,0 +1,9 @@
+{pkgs, ...}: {
+ services = {
+ udev = {
+ packages = with pkgs; [
+ qmk-udev-rules
+ ];
+ };
+ };
+}
diff --git a/wanda/services/resolved.nix b/wanda/services/resolved.nix
new file mode 100644
index 0000000..8c268e8
--- /dev/null
+++ b/wanda/services/resolved.nix
@@ -0,0 +1,39 @@
+_: {
+ services = {
+ resolved = {
+ enable = true;
+ dnsovertls = "true";
+ dnssec = "true";
+ llmnr = "true";
+ domains = [
+ "~."
+ ];
+
+ fallbackDns = [
+ # cf dns
+ "1.1.1.1"
+ "1.0.0.1"
+ "2606:4700:4700::1111"
+ "2606:4700:4700::1001"
+
+ # google dns
+ "8.8.8.8"
+ "8.8.4.4"
+ "2001:4860:4860::8888"
+ "2001:4860:4860::8844"
+
+ # q9 dns
+ "9.9.9.9"
+ "149.112.112.112"
+ "2620:fe::fe"
+ "2620:fe::9"
+
+ # open dns
+ "208.67.222.222"
+ "208.67.220.220"
+ "2620:119:35::35"
+ "2620:119:53::53"
+ ];
+ };
+ };
+}
diff --git a/wanda/services/scx.nix b/wanda/services/scx.nix
new file mode 100644
index 0000000..2ab435e
--- /dev/null
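Review bot: `llmnr = "true"` in wanda/services/resolved.nix leaves LLMNR enabled, which is unauthenticated multicast name resolution: any host on the same segment can answer single-label lookups, so it sits oddly beside `dnssec = "true"` and `dnsovertls = "true"` in the same block. Unless something on this host depends on it, set `llmnr = "false";`. If it has to stay, a comment naming the consumer would make the exception reviewable.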
+++ b/wanda/services/scx.nix
@@ -0,0 +1,8 @@
+_: {
+ services = {
+ scx = {
+ enable = true;
+ scheduler = "scx_cosmos";
+ };
+ };
+}
diff --git a/wanda/services/sunshine.nix b/wanda/services/sunshine.nix
new file mode 100644
index 0000000..25a9a56
--- /dev/null
+++ b/wanda/services/sunshine.nix
@@ -0,0 +1,10 @@
+_: {
+ services = {
+ sunshine = {
+ enable = true;
+ capSysAdmin = true;
+ openFirewall = true;
+ autoStart = true;
+ };
+ };
+}
diff --git a/wanda/services/usbmuxd.nix b/wanda/services/usbmuxd.nix
new file mode 100644
index 0000000..34606ed
--- /dev/null
+++ b/wanda/services/usbmuxd.nix
@@ -0,0 +1,8 @@
+{pkgs, ...}: {
+ services = {
+ usbmuxd = {
+ enable = true;
+ package = pkgs.usbmuxd2;
+ };
+ };
+}
diff --git a/wanda/services/xserver.nix b/wanda/services/xserver.nix
new file mode 100644
index 0000000..370a47d
--- /dev/null
+++ b/wanda/services/xserver.nix
@@ -0,0 +1,26 @@
+{
+ lib,
+ pkgs,
+ ...
+}: {
+ services = {
+ xserver = {
+ display = lib.mkForce 0;
+ enable = true;
+
+ excludePackages = with pkgs; [
+ xterm
+ ];
+
+ videoDrivers = [
+ "modesetting"
+ ];
+
+ xkb = {
+ layout = "us, ru";
+ variant = "";
+ options = "grp:caps_toggle";
+ };
+ };
+ };
+}
diff --git a/wanda/services/yubikey-agent.nix b/wanda/services/yubikey-agent.nix
new file mode 100644
index 0000000..4fcfbc2
--- /dev/null
+++ b/wanda/services/yubikey-agent.nix
@@ -0,0 +1,8 @@
+{pkgs, ...}: {
+ services = {
+ yubikey-agent = {
+ package = pkgs.yubikey-agent;
+ enable = false;
+ };
+ };
+}
diff --git a/wanda/services/zerotier.nix b/wanda/services/zerotier.nix
new file mode 100644
index 0000000..42e91a8
--- /dev/null
+++ b/wanda/services/zerotier.nix
@@ -0,0 +1,10 @@
+_: {
+ services = {
+ zerotierone = {
+ enable = true;
+ joinNetworks = [
+ #
+ ];
+ };
+ };
+}
diff --git a/wanda/system/name.nix b/wanda/system/name.nix
new file mode 100644
index 0000000..0b4488b
--- /dev/null
+++ b/wanda/system/name.nix
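Review bot: wanda/services/sunshine.nix combines `capSysAdmin = true` with `openFirewall = true` and `autoStart = true`, so a network-reachable streaming service is granted CAP_SYS_ADMIN and its ports are opened on every interface the firewall covers. That capability exists for DRM/KMS screen capture, which is presumably not available under WSL2, so `capSysAdmin = false;` should cost nothing on this host. Consider `openFirewall = false;` and allowing the Sunshine ports only on the VPN interface (netbird and wireguard are enabled for this host), with a comment recording why the service is exposed.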
@@ -0,0 +1,5 @@
+{config, ...}: {
+ system = {
+ name = config.networking.hostName;
+ };
+}
diff --git a/wanda/system/stateVersion.nix b/wanda/system/stateVersion.nix
new file mode 100644
index 0000000..9e437fe
--- /dev/null
+++ b/wanda/system/stateVersion.nix
@@ -0,0 +1,5 @@
+{config, ...}: {
+ system = {
+ stateVersion = config.system.nixos.release;
+ };
+}
diff --git a/wanda/systemd/oomd.nix b/wanda/systemd/oomd.nix
new file mode 100644
index 0000000..bb9a200
--- /dev/null
+++ b/wanda/systemd/oomd.nix
@@ -0,0 +1,10 @@
+_: {
+ systemd = {
+ oomd = {
+ enable = true;
+ enableUserSlices = true;
+ enableSystemSlice = true;
+ enableRootSlice = true;
+ };
+ };
+}
diff --git a/wanda/systemd/slices/root-slice.nix b/wanda/systemd/slices/root-slice.nix
new file mode 100644
index 0000000..6a386e9
--- /dev/null
+++ b/wanda/systemd/slices/root-slice.nix
@@ -0,0 +1,14 @@
+_: {
+ systemd = {
+ slices = {
+ root = {
+ sliceConfig = {
+ ManagedOOMSwap = "kill";
+ ManagedOOMMemoryPressure = "kill";
+ ManagedOOMMemoryPressureLimit = "40%";
+ ManagedOOMMemoryPressureDurationSec = 0;
+ };
+ };
+ };
+ };
+}
diff --git a/wanda/systemd/slices/system-slice.nix b/wanda/systemd/slices/system-slice.nix
new file mode 100644
index 0000000..4de4bba
--- /dev/null
+++ b/wanda/systemd/slices/system-slice.nix
@@ -0,0 +1,14 @@
+_: {
+ systemd = {
+ slices = {
+ system = {
+ sliceConfig = {
+ ManagedOOMSwap = "kill";
+ ManagedOOMMemoryPressure = "kill";
+ ManagedOOMMemoryPressureLimit = "40%";
+ ManagedOOMMemoryPressureDurationSec = 0;
+ };
+ };
+ };
+ };
+}
diff --git a/wanda/systemd/slices/user-slice.nix b/wanda/systemd/slices/user-slice.nix
new file mode 100644
index 0000000..311e668
--- /dev/null
+++ b/wanda/systemd/slices/user-slice.nix
@@ -0,0 +1,14 @@
+_: {
+ systemd = {
+ slices = {
+ user = {
+ sliceConfig = {
+ ManagedOOMSwap = "kill";
+ ManagedOOMMemoryPressure = "kill";
+ ManagedOOMMemoryPressureLimit = "40%";
+ ManagedOOMMemoryPressureDurationSec = 0;
+ };
+ };
+ };
+ };
+}
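Review bot: `stateVersion = config.system.nixos.release` in wanda/system/stateVersion.nix makes the value follow whatever nixpkgs release the flake is pinned to, so it changes on every release bump; modules that consult it to keep on-disk state compatible will then switch to new defaults without any migration. Pin it to the release the host was first installed with, `stateVersion = "<RELEASE_AT_INSTALL>";`, and add a comment that it must not be changed on upgrade.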
diff --git a/wanda/time/timeZone.nix b/wanda/time/timeZone.nix
new file mode 100644
index 0000000..cef1656
--- /dev/null
+++ b/wanda/time/timeZone.nix
@@ -0,0 +1,6 @@
+_: {
+ time = {
+ timeZone = "Europe/Moscow";
+ hardwareClockInLocalTime = true;
+ };
+}
diff --git a/wanda/users/mutableUsers.nix b/wanda/users/mutableUsers.nix
new file mode 100644
index 0000000..9bb56d0
--- /dev/null
+++ b/wanda/users/mutableUsers.nix
@@ -0,0 +1,5 @@
+_: {
+ users = {
+ mutableUsers = false;
+ };
+}
diff --git a/wanda/users/users/hand7s.nix b/wanda/users/users/hand7s.nix
new file mode 100644
index 0000000..39aed35
--- /dev/null
+++ b/wanda/users/users/hand7s.nix
@@ -0,0 +1,15 @@
+_: {
+ users = {
+ users = {
+ "hand7s" = {
+ description = "me";
+ isSystemUser = false;
+ isNormalUser = true;
+ initialHashedPassword = "$6$ckgRhNWmJgSwOUpJ$kfeAdokd5fa76HWbTmWN2YXx4M/PQVOTJku1ODbqbBhEkUFiLftdaJFRnNXfIM3Jtz0ShoRMSVCB7mDkxDrdi/";
+ extraGroups = [
+ "wheel"
+ ];
+ };
+ };
+ };
+}
diff --git a/wanda/users/users/root.nix b/wanda/users/users/root.nix
new file mode 100644
index 0000000..faa89b7
--- /dev/null
+++ b/wanda/users/users/root.nix
@@ -0,0 +1,9 @@
+_: {
+ users = {
+ users = {
+ "root" = {
+ initialHashedPassword = "$6$n4OLMvYHHStHvtmr$6OL0NV1dEM2b6oJRewkhuoFxM80lI67tfbJ6QkCg8WAA1gbeKrcwDAuJjm8zvpY4zcDR3Z5Zbo8uebfOi6XXF0";
+ };
+ };
+ };
+}
diff --git a/wanda/virtualisation/docker.nix b/wanda/virtualisation/docker.nix
new file mode 100644
index 0000000..805ac30
--- /dev/null
+++ b/wanda/virtualisation/docker.nix
@@ -0,0 +1,10 @@
+_: {
+ virtualisation = {
+ docker = {
+ enable = true;
+ rootless = {
+ enable = true;
+ };
+ };
+ };
+}
diff --git a/wanda/wsl/default.nix b/wanda/wsl/default.nix
new file mode 100644
index 0000000..aded930
--- /dev/null
+++ b/wanda/wsl/default.nix
@@ -0,0 +1,8 @@
+_: {
+ wsl = {
+ enable = true;
+ defaultUser = "hand7s";
+ startMenuLaunchers = true;
+ useWindowsDriver = true;
+ };
+}
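Review bot: wanda/users/users/hand7s.nix and wanda/users/users/root.nix commit SHA-512 crypt hashes as `initialHashedPassword`, so anyone who can read the repository can work on them offline, and with `mutableUsers = false` they are likely the passwords in force for a wheel account and for root. The flake already loads sops-nix for this host, so both can move to `hashedPasswordFile = config.sops.secrets.<SECRET_NAME>.path;` with `neededForUsers = true;` set on the secret. Since the hashes are now in history, the two passwords should be rotated as part of that change.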
diff --git a/wanda/wsl/wslConf.nix b/wanda/wsl/wslConf.nix
new file mode 100644
index 0000000..43f3877
--- /dev/null
+++ b/wanda/wsl/wslConf.nix
@@ -0,0 +1,13 @@
+_: {
+ wsl = {
+ wslConf = {
+ automount = {
+ enable = true;
+ };
+
+ user = {
+ default = "hand7s";
+ };
+ };
+ };
+}
diff --git a/wanda/xdg/icons.nix b/wanda/xdg/icons.nix
new file mode 100644
index 0000000..7c75adf
--- /dev/null
+++ b/wanda/xdg/icons.nix
@@ -0,0 +1,7 @@
+_: {
+ xdg = {
+ icons = {
+ enable = true;
+ };
+ };
+}
diff --git a/wanda/xdg/mime.nix b/wanda/xdg/mime.nix
new file mode 100644
index 0000000..9197f59
--- /dev/null
+++ b/wanda/xdg/mime.nix
@@ -0,0 +1,11 @@
+_: {
+ xdg = {
+ mime = {
+ enable = true;
+ defaultApplications = {
+ "x-scheme-handler/http" = "google-chrome.desktop";
+ "x-scheme-handler/https" = "google-chrome.desktop";
+ };
+ };
+ };
+}
diff --git a/wanda/xdg/portal.nix b/wanda/xdg/portal.nix
new file mode 100644
index 0000000..ff26e0a
--- /dev/null
+++ b/wanda/xdg/portal.nix
@@ -0,0 +1,35 @@
+{pkgs, ...}: {
+ xdg = {
+ portal = {
+ enable = true;
+
+ config = {
+ common = {
+ "org.freedesktop.impl.portal.FileChooser" = "termfilechooser";
+
+ default = [
+ "gtk"
+ ];
+ };
+
+ hyprland = {
+ "org.freedesktop.impl.portal.FileChooser" = [
+ "termfilechooser"
+ ];
+
+ preferred = [
+ "gtk"
+ "hyprland"
+ ];
+ };
+ };
+
+ extraPortals = with pkgs; [
+ xdg-desktop-portal
+ xdg-desktop-portal-gtk
+ xdg-desktop-portal-hyprland
+ xdg-desktop-portal-termfilechooser
+ ];
+ };
+ };
+}